Google raises bug bounties to $20,000
Computerworld - Google has dramatically raised the bounties it pays independent researchers for reporting bugs in its websites, services and online apps.
The search giant boosted the maximum reward from $3,133 to $20,000, and added a $10,000 payment that will be awarded for SQL injection bugs or for what it deems to be "significant" authentication bypass or data leak vulnerabilities.
In general, though, the Vulnerability Reward Program (VRP) will now pay $20,000 for flaws that allow remote code execution against Google.com, YouTube.com and other core domains, as well as what the company called "highly sensitive services," including its search site.
The term "remote code execution" refers to the most serious category of vulnerabilities: those that allow an attacker to hijack a system and/or plant malware on a machine.
People who find other bugs will be paid $100 to $3,133, depending on the severity of the problem and where the vulnerability resides.
Since VRP's introduction, Google has received over 780 eligible bug reports and, in just over a year, paid out around $460,000 to 200 researchers. The company described the higher bounties as a way "to celebrate the success of this [program]."
This version of this story was originally published in Computerworld's print edition. It was adapted from an article that appeared earlier on Computerworld.com.
Read more about Security in Computerworld's Security Topic Center.
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- Preventing Sophisticated Attacks: Anti-Evasion & Advanced Evasion Techniques McAfee Next Generation Firewall applies sophisticated analysis techniques specifically to detect advanced evasion techniques (AET).
- The Security Industry's Dirty Little Secret The debate over advanced evasion techniques (AETs) This report summarizes the findings of a McAfee commissioned research group to determine the level of understanding IT security professionals have about AETs...
- Demand More, Get the Most from the Move to a Next-Generation Firewall Beyond the basics in a next generation firewall, to protect your investment you should demand other valuable features: intrusion prevention, contextual rules, advanced...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!