Google reveals major increase in bug bounty rewards — so get hunting

Google has increased the payouts in its bug bounty program by a factor of five as it looks to further incentivize security researchers. 

The company’s information security engineers Sam Erb and Krzysztof Kotowicz wrote that since its products have gotten more secure, finding bugs has become a lot more challenging. This increase in difficulty will now be reflected in the rewards. 

“As our systems have become more secure over time, we know it is taking much longer to find bugs – with that in mind, we are very excited to announce that we are updating our reward amounts by up to 5x, with a maximum reward of $151,515 USD ($101,010 for an RCE in our most sensitive products, with a 1.5x modifier applied for exceptional report quality = $151,515),” the researchers said.

Starting on July 11

Google also introduced an additional modifier that depends on the quality of the report. Low-quality reports will get a 0.5x reward modifier, good-quality ones a 1x modifier, and exceptional-quality ones a 1.5x modifier. A more detailed breakdown of the rewards can be found at this link.

Google said that the new rewards tier starts on July 11, at 00:00 UTC and only applies to vulnerabilities submitted after this moment. Furthermore, the company recently introduced additional payment options, such as the ability to receive payments via Bugcrowd. 

The search engine behemoth kickstarted its Vulnerability Reward Program (VRP) more than a decade ago, in 2010. Since then, it has paid more than $50 million in bounties, BleepingComputer reports, to security researchers who discovered more than 15,000 vulnerabilities. Just last year, it paid out $10 million in bug bounties, with the highest reward being $113,337.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.