Google announced Tuesday it would offer bounties up to $3,133.7 for expanding the functionality its open-source hyperscale networking vulnerability scanner, Tsunami.
The vulnerability scanner debuted to the public last summer.
"We hope this program will allow us to quickly extend the detection capabilities of the scanner to better benefit our users and uncover more vulnerabilities in their network infrastructure," members of the Google vulnerability management team wrote in a blog post.
The program, which Google describes as "experimental," will focus on two categories of submissions: vulnerability detectors and web application fingerprints.
To receive the maximum bounty of $3,133.7, a submitter must offer code to scan for a critical severity vulnerability with large attack radii released within the past two weeks. Smaller bounties will go to vulnerabilities that are high severity, older than two weeks or both.
A bounty of $500 will go to web application fingerprints and the corresponding automation scripts.
The large-impact products that qualify for scanning bounties include webmail clients, databases, application frameworks, coding notebooks, configuration tools and other broadly used software described on Google's bounty page.
"As with other Security Reward Programs, rewards can be donated to charity — and we'll double your donation if you choose to do so. We'll run this program in iterations so that everyone interested has the opportunity to participate," the team wrote.