Google, which has already paid security researchers over $15 million since launching its bug bounty program in 2010, today increased bug bounties across the Chrome Vulnerability Reward Program and the Google Play Security Reward Program.
Bug bounty programs are a great complement to existing internal security programs. They help motivate individuals and hacker groups to not only find flaws but disclose them properly, instead of using them maliciously or selling them to parties that will. Rewarding security researchers with bounties costs peanuts compared to paying for a serious security snafu.
Since 2010, the Chrome Vulnerability Rewards Program has received over 8,500 reports and paid out over $5 million. Those changes have not only helped secure Chrome, but also other Chromium-based browsers.
Google is now tripling the maximum baseline reward amount from $5,000 to $15,000, doubling the maximum reward amount for high quality reports from $15,000 to $30,000, and doubling the additional bonus given to bugs found via the Chrome Fuzzer Program from $500 to $1,000. Google has also clarified what it considers a high quality report and updated the bug categories.
For Chrome OS, Google is increasing the standing reward from $100,000 to $150,000 for exploit chains that can compromise a Chromebook or Chromebox with persistence in guest mode. The company has also added reward categories for security bugs in firmware and lock screen bypasses.
Finally, Google has quadrupled Google Play rewards for remote code execution bugs from $5,000 to $20,000. The company has also tripled theft of insecure private data and protected app components from $1,000 to $3,000. Keep in mind this program also has bonus rewards for responsibly disclosing vulnerabilities to participating app developers.
VentureBeatVentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
- up-to-date information on the subjects of interest to you
- our newsletters
- gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
- networking features, and more