Google bumps up bug bounty to $20,000


The reward Google pays to researchers who find exploitable flaws in its services has risen dramatically, from $3,133.70 to $20,000.

On Monday, the company introduced new rules for its Vulnerability Reward Program, bringing in the higher bounty but also dropping lower payments for less-sensitive security issues.

"While every flaw deserves appropriate attention, we are likely to issue a higher reward for a cross-site scripting vulnerability in Google Wallet than one in Google Art Project, where the potential risk to user data is significantly smaller," it said in a post to the Google Online Security Blog.

The $20,000 (£12,390) bounty will be given to security researchers who discover flaws that allow remote code execution in Google's web services that involve sensitive data. Almost all the content on Google.com, YouTube, Blogger and Orkut is covered, the company said, as are sensitive services such as Google Wallet and Google Play.

One new rule is the addition of a $10,000 payment for the discovery of SQL injection flaws and similar bugs, and for "significant authentication bypass or information leak".

Google will also hand over amounts ranging from $100 to £5,000 for vulnerabilities such as cross-site scripting in lower-priority sites, while it will not pay out at all for holes found in software from recent acquisitions.

Since the company introduced its bug bounty programme in November 2010, it has handed out about $460,000 to around 200 people, having received more than 780 applicable flaw reports. In the past, the programme has been criticised for covering Google's web-based services only and not vulnerabilities in its Android mobile OS, for example.


Karen Friar
