Google, which introduced its bug bounty program three years ago, announced this week that it has doled out more than $2 million to vulnerability hunters.

The company actually offers two programs, one for Google-owned services, such as its flagship site, and another for the Chromium Project, the open source web browser that operates Google Chrome. When combined, more than 2,000 bugs were reported on and fixed, according to a Google blog post.