If you’re a bug hunter for companies such as Google and Facebook, the last few weeks have been good to you. Google announced today that it has officially given out over $2 million to people who poke holes in its systems on purpose.
Google’s vulnerability rewards programs invite people of all types to hack its systems and products looking for security issues. When an issue is found, the company awards that person with a sum of money depending on just how substantial that vulnerability is.
Specifically, Google’s bug finding programs are separated into its Web department and “Chromium,” dealing with its Chrome browser. It seems folks have been able to find issues in both pretty equally, as the $2 million total is split down the middle between the two programs.
But the money made from finding bugs often doesn’t outdo the money someone could get by selling it on the black market. Perhaps this factored into Google’s decision to up the amount of money it gives out for each Chromium bug. Vulnerabilities that once fetched $1,000 will now be worth $5,000. Google suspects the amount paid out for bugs will increase by five times across the board.
Those bug-hunting on the Web side will see increases, but at different rates.
Facebook recently announced that it too has hit a milestone with $1 million paid out in its Bug Bounty program. The company has given out a bounty as high as $20,000 for high-priority security issues.