Google's security team have invited researchers to try their hand at demonstrating an attack on almost any of its web properties, including google.com, youtube.com, blogger.com and orkut.com.
"Any Google web properties which display or manage highly sensitive authenticated user data or accounts may be in scope," its security team explained.
The program extends a previous campaign that rewarded researchers for discovering security flaws in its Chrome browser.
Like that vulnerability program, Google is offering payment to researchers who find a bug, however it almost doubled the upper limit for finding "unusually clever" bugs.
The base offer, as for Chrome, is US$500 while the new top reward is US$3,133, two thousand more than under Chrome.
Bugs in scope include cross-site scripting flaws, bypassing its authorisation controls and "server side ... command injection".
Not surprisingly, Google's said its own corporate infrastructure was "definitively excluded".
Other attacks it didn't want researchers to launch against it included denial of service bugs, attacks on web properties hosted by third parties, and recently acquired technologies.
Also out of scope were its client applications such as Android, Picasa and Google Desktop.
Copyright © iTnews.com.au . All rights reserved.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.