Google quintuples maximum bug bounty to $20,000

Summary: Google is more than quintupling the top bounty it will pay for information on security holes in its products to $20,000. Other, less important bounties are being decreased, however.

Google today announced it is rolling out updated rules for its Vulnerability Reward Program, in celebration of the program's recent anniversary. These include new reward amounts for the various bugs security researchers disclose. In fact, the company is more than quintupling the maximum amount from the previous top reward of $3,133.70, which the company announced in July 2011.

Here are three of the new reward amounts Google chose to highlight (the full table is embedded above):

  • $20,000 for qualifying vulnerabilities that the reward panel determines will allow code execution on our production systems.
  • $10,000 for SQL injection and equivalent vulnerabilities; and for certain types of information disclosure, authentication, and authorization bypass bugs.
  • Up to $3,133.7 for many types of XSS, XSRF, and other high-impact flaws in highly sensitive applications.

The new rules don't just contain bounty increases. Google has also implemented reduced rewards for vulnerabilities discovered in non-integrated acquisitions, for lower-risk issues, and where the potential risk to user data is significantly smaller.

Google says this move will "help focus the research on bringing the greatest benefit to our users." The search giant gave the example of likely issuing a higher reward for a cross-site scripting vulnerability in Google Wallet than one in Google Art Project.

Mountain View also took the opportunity to say that it has so far received over 780 qualifying vulnerability reports that span across the hundreds of Google-developed services, as well as the software written by 50 or so companies it has acquired. In just over a year, the program has paid out around $460,000 to roughly 200 individuals.

Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

Talkback

  • Google quintuples maximum bug bounty to $20,000

    Kudos to Google.
    daikon