The internet giant said on its blog that the programme was designed to reward those who contributed to making the internet a safer environment.
"The goal is very simple: To recognise and reward proactive security improvements to third-party open-source projects that are vital to the health of the entire internet," wrote Michal Zalewski of the Google Security Team.
The rewards range from $500 to $3 133.70 and Google was careful to point out that the expanded list of projects included would be rewarded solely at the discretion of the maintainers of the project.
The company also wants to avoid the situation of a bounty resulting in a flood of submissions that may overwhelm the project managers.
Google said that the rewards were flexible and unclaimed rewards would be donated to charity.
"We may choose higher rewards for unusually clever or complex submissions; we may also split the reward between the submitter and the maintainers of the project in cases where the patch required a substantial additional effort on behalf of the development team."
Critically, Google said that it would not allow submissions from countries on the US sanctions list (Cuba, North Korea; Iran, among others) and was careful to insist that the programme was not a competition.
"You should understand that we can cancel the program at any time and the decision as to whether or not to pay a reward has to be entirely at our discretion," Google said.
- Follow Duncan on Twitter