Google reveals major increase in bug bounty rewards — so get hunting
Finding a Remote Code Execution flaw discovery can buy you a year-long vacation
Google has increased the payouts in its bug bounty program by a factor of five as it looks to further incentivize security researchers.
The company’s information security engineers Sam Erb and Krzysztof Kotowicz wrote that since its products have gotten more secure, finding bugs has become a lot more challenging. This increase in difficulty will now be reflected in the rewards.
“As our systems have become more secure over time, we know it is taking much longer to find bugs – with that in mind, we are very excited to announce that we are updating our reward amounts by up to 5x, with a maximum reward of $151,515 USD ($101,010 for an RCE in our most sensitive products, with a 1.5x modifier applied for exceptional report quality = $151,515),” the researchers said.
Starting on July 11
It is also worth mentioning that Google introduced an additional modifier, depending on the quality of the report. Low quality reports will get a 0.5x reward amount modifier, good quality ones 1x modifier, and exceptional quality ones 1.5x modifier. A more detailed breakdown of the rewards can be found on this link.
Google said that the new rewards tier starts on July 11, at 00:00 UTC and only applies to vulnerabilities submitted after this moment. Furthermore, the company recently introduced additional payment options, such as the ability to receive payments via Bugcrowd.
The search engine behemoth kickstarted its Vulnerability Reward Program (VRP) more than a decade ago, in 2010. Since then, it paid more than $50 million in bounties, BleepingComputer reports, to security researchers who discovered more than 15,000 vulnerabilities. Just last year, it paid out $10 million in bug bounties, with the highest reward being $113,337.
More from TechRadar Pro
- Google unveils major new bug bounty program to help boost security across the board
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.