/>
X
Business

Google bumps up bug bounty to $20,000

The reward Google pays to researchers who find exploitable flaws in its services has risen dramatically, from $3,133.70 to $20,000.
karen-friar.jpg
Written by Karen Friar, Contributor on

The reward Google pays to researchers who find exploitable flaws in its services has risen dramatically, from $3,133.70 to $20,000.

On Monday, the company introduced new rules for its Vulnerability Reward Program, bringing in the higher bounty but also dropping lower payments for less-sensitive security issues.

"While every flaw deserves appropriate attention, we are likely to issue a higher reward for a cross-site scripting vulnerability in Google Wallet than one in Google Art Project, where the potential risk to user data is significantly smaller," it said in a post to the Google Online Security Blog.

The $20,000 (£12,390) bounty will be given to security researchers who discover flaws that allow remote code execution in Google's web services that involve sensitive data. Almost all the content on Google.com, YouTube, Blogger and Orkut is covered, the company said, as are sensitive services such as Google Wallet and Google Play.

One new rule is the addition of a $10,000 payment for the discovery of SQL injection flaws and similar bugs, and for "significant authentication bypass or information leak".

Google will also hand over amounts ranging from $100 to £5,000 for vulnerabilities such as cross-site scripting in lower-priority sites, while it will not pay out at all for holes found in software from recent acquisitions.

Since the company introduced its bug bounty programme in November 2010, it has handed out about $460,000 to around 200 people, having received more than 780 applicable flaw reports. In the past, the programme has been criticised for covering Google's web-based services only and not vulnerabilities in its Android mobile OS, for example.

Editorial standards

Related

Southwest Airlines has a big problem and customers may not know it
screen-shot-2022-09-27-at-9-38-07-am.png

Southwest Airlines has a big problem and customers may not know it

American Airlines may end a real customer advantage for a sad, twisted reason
screen-shot-2022-07-06-at-4-32-47-pm.png

American Airlines may end a real customer advantage for a sad, twisted reason

I went to an Apple store and all I heard was bad news
iPhone 14 Pro and Pro Max

I went to an Apple store and all I heard was bad news