Google increases rewards for bug bounty programs

Summary: Even though it only recently increased its rewards for researchers who collaboratively disclose vulnerabilities with the company, Google has again increased its bug bounties, particularly around cross-site scripting flaws.

Google has again bumped up payouts for its web vulnerability rewards program.

Posting on its online security blog, the company made two updates to its program to increase the caps for certain vulnerabilities, as well as updating the rules for its reward program.

As a result of the changes, the reward for cross-site scripting (XSS) flaws will be bumped up, depending on what services are affected. For those on accounts.google.com, the reward has been boosted to US$7,500 from US$3,133.70.

For "highly sensitive services", such as Gmail and Google Wallet, the reward is now US$5,000, up from US$1,337. Any other XSS flaws on Google's properties attract US$3,133.70, an increase from the former US$500 reward.

In addition to the bounties offered for XSS flaws, Google also bumped up the value of rewards for "significant authentication bypasses/information leaks" to US$7,500 from US$5,000.

Google has been progressively increasing its bug bounties over the past few years, quintupling its maximum possible bounty in April last year and increasing cash incentives for its Chromium vulnerability rewards program later in August.

Topics: Security, Google, Web development

About

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.
