Google has expanded its bug-bounty program to cover vulnerabilities uncovered in Android.
The program began with Chrome and expanded to Google Web sites and other open-source software projects. Under the program, people who find security holes get paid bounties. That often equates to a few hundred dollars, but particularly skilled attacks can mean big money — $50,000 last week for one expert who goes by the name Pinkie Pie, for example.
The broader expansion, called the Patch Reward Program, now includes Android, Google security team member Michal Zalewski said in a blog post Monday.
The program also includes three widely used Web server packages: Apache’s http, Nginx, and Lighttpd, Zalewski said.