"big payouts will go to researchers who find and report vulnerabilities in the 'most sensitive' of the Google-maintained open-source projects: Bazel, Angular, Golang, Protocol Buffers, and Fuchsia"

https://www.theregister.com/2022/08/30/google_open_source_bug_bounty/