It's bound to happen: you create a cool, forward looking incentive program designed to tap the "wisdom of the crowd" and help make your products better, only to find out that, in fact, the "crowd" isn't all that wise - and now wants you to pay cold, hard cash for their tepid ideas.
That's the experience that Google appears to have had since announcing that it would extend its bounty program for bugs from its Chromium platform to the various Web applications that the company owns in early November. In an updated blog post this week, the company said that it has already committed to some $20,000 in bounties, but also provided some "clarification" to the terms of the reward program, saying that - in essence - not all bugs are equal and that researchers dumping low priority vulns shouldn't expect to get much in return.

The link for this article located at ThreatPost is no longer available.