This is why the Google Patch Reward program was launched just a month and a half ago or so. Its goal was quite simple – help the maintainers of a given project patch a security vulnerability and get financially reimbursed for your efforts. Until today, however, the Android Open Source Project (AOSP) wasn't a part of the program, which was just a shame, seeing as its popularity has sky-rocketed to a point of near ubiquity. As you gleaned from the title, that's about to change, as Google has finally added AOSP, along with a bunch of other projects into the mix, and is now offering financial incentives in the $500 to $3,133.7 range (good one). If your submission is particularly creative, Google may agree to pay out even a bigger sum, one that has no set range.
In any case, it's nice to see Android (at least the open parts of it) become part of such incentive programs, so here goes our props to Google for not settling and keeping the effort up.
Source: Google 1, 2