Trailrunner7 writes "It's bound to happen: you create a cool, forward looking incentive program designed to tap the 'wisdom of the crowd' and help make your products better, only to find out that, in fact, the 'crowd' isn't all that wise — and now wants you to pay cold, hard cash for their tepid ideas. That's the experience that Google appears to have had since announcing that it would extend its bounty program for bugs from its Chromium platform to the various Web applications that the company owns. In an updated blog post this week, the company said it has already committed to some $20,000 in bounties, but also provided some 'clarification' to the terms of the reward program, saying that — in essence — not all bugs are equal and that researchers dumping low priority vulnerabilities shouldn't expect to get much in return. 'The review committee has been somewhat generous this first week,' wrote Google's Security Team in a blog post. 'We've granted a number of awards for bugs of low severity, or that wouldn't normally fall under the conditions we originally described.'"