November 3, 2010

Webhacking for Ca$h

For the past 3+ years, I've been working on application security things in Google's information security team. Despite spending many of my waking hours on this topic, I don't talk much about security here. Frankly, I haven't worked on anything novel or Google-independent in a long time, and many of my colleagues have much more interesting and enlightening things to say on the subject. But here's an exception to that silence: On Monday, we announced a new web security research reward program. This follows our Chromium security reward program and Mozilla's reward program, and is something I'm particularly happy about. A lot of security researchers and web tinkerers (for those that oppose formal titles) have reported clever vulnerabilities over the years and ultimately improved the security of our applications and users, so I'm happy we can more formally bestow a small token of our appreciation.

P.S. If you want some practice in the arts of webhacking, check out this Web Exploits & Defenses Codelab that I helped write a while ago with Bruce Leban, Mugdha Bendre, and Vincent Ngo.
