Google says it plans to be more proactive in its bug and vulnerability hunting and is now offering money before patch work is completed, as opposed to after the fact.
Security needs to be a proactive enterprise, which usually means that companies such as Google have to fund bug-hunting programs so that they know about the problems before they can cause a problem. The Patch Rewards program for third-party open-source projects is a good example, and, until now, it worked by rewarding developers for discovering vulnerabilities and other issues.
One change Google is implementing in the Patch Rewards program is to make it proactive. More precisely, it will pay the developers of third-party open-source programs for security improvements.