Google intends to roll out this program gradually, based on the quality of the received submissions and the feedback from the developer community. The initial scope is set to:
- Core infrastructure network services: OpenSSH, BIND, ISC DHCP
- Core infrastructure image parsers: libjpeg, libjpeg-turbo, libpng, giflib
- Open-source foundations of Google Chrome: Chromium, Blink
- Other high-impact libraries: OpenSSL, zlib
- Security-critical, commonly used components of the Linux kernel (including KVM)
Read more here – http://googleonlinesecurity.blogspot.com/2013/10/going-beyond-vulnerability-rewards.html?m=1