
Google raises bug bounties to $20,000

May 7, 2012 06:00 AM ET

Computerworld - Google has dramatically raised the bounties it pays independent researchers for reporting bugs in its websites, services and online apps.

The search giant boosted the maximum reward from $3,133 to $20,000, and added a $10,000 payment that will be awarded for SQL injection bugs or for what it deems to be "significant" authentication bypass or data leak vulnerabilities.

In general, though, the Vulnerability Reward Program (VRP) will now pay $20,000 for flaws that allow remote code execution against Google.com, YouTube.com and other core domains, as well as what the company called "highly sensitive services," including its search site.

The term "remote code execution" refers to the most serious category of vulnerabilities: those that allow an attacker to hijack a system and/or plant malware on a machine.

People who find other bugs will be paid $100 to $3,133, depending on the severity of the problem and where the vulnerability resides.

Since VRP's introduction, Google has received over 780 eligible bug reports and, in just over a year, paid out around $460,000 to 200 researchers. The company described the higher bounties as a way "to celebrate the success of this [program]."

This version of this story was originally published in Computerworld's print edition. It was adapted from an article that appeared earlier on Computerworld.com.
