Security patches cost Google $410,000 in finder's fees

Google has revealed that it has paid out over $410,000 to security researchers for hunting out security bugs in the web applications it has developed.

The payments were made as part of Google's so-called Bug Bounty programme, which rewards those that spot vulnerabilities in its applications and has been running since November 2010.

More than 200 people have reported over 1,100 bugs since the programme was launched in November 2010, Adam Mein a technical programme manager in Google's security team wrote on the firm's security blog.

But only 730 of the bugs uncovered qualified for a reward - and given that the maximum payout is capped at around $3,100, it's clear that only a mere handful get the full whack.

As well as handing over cash, Google rewards those who have helped it identify bugs in its code by including them in its hall of fame.

"Roughly half of the bugs that received a reward were discovered in software written by approximately 50 companies that Google acquired; the rest were distributed across applications developed by Google," said Mein.

Google initially began rewarding researchers for spotting bugs in its web browser codes before subsequently extending the programme to cover all of its web applications.

Other companies, including Facebook and Barracuda Networks have also adopted the use of reward programmes to encourage users to report potential security threats.