Google increases rewards for bug bounty programs

Even though it only recently increased its rewards for researchers who collaboratively disclose vulnerabilities with the company, Google has again increased its bug bounties, particularly around cross-site scripting flaws.

Google has again bumped up payouts for its web vulnerability rewards program.

Posting on its online security blog, the company made two updates to its program to increase the caps for certain vulnerabilities, as well as updating the rules for its reward program.

As a result of the changes, the reward for cross-site scripting (XSS) flaws will be bumped up, depending on what services are affected. For those on, the reward has been boosted to US$7,500 from US$3,133.70.

For "highly sensitive services", such as Gmail and Google Wallet, the reward is now US$5,000, up from US$1,337. Any other XSS flaws on Google's properties attract US$3,133.70, an increase from the former US$500 reward.

In addition to the bounties offered for XSS flaws, Google also bumped up the value of rewards for "significant authentication bypasses/information leaks" to US$7,500 from US$5,000.

Google has been progressively increasing its bug bounties over the past few years, quintupling its maximum possible bounty in April last year and increasing cash incentives for its Chromium vulnerability rewards program later in August.