All the latest UK technology news, reviews and analysis


Google ups top security bug reward to $5,000

13 Aug 2013
google-money-bags

Google has increased the maximum reward available to researchers participating in its Chromium and Google Web Vulnerability Reward Programs (VRPs) to $5,000 and revealed it has issued over $2m worth of payments to bug hunters.

Google's Chrome security head Chris Evans and security program manager Adam Mein revealed the news in a blog posting, confirming that the company has received 2,000 threat reports from independent researchers since launching the bug bounty programs in 2010. The Google masters said to celebrate the programs' success Google will increase the maximum reward available for finding bugs to $5,000.

"Today we're delighted to announce we've now paid out in excess of $2,000,000 across Google's security reward initiatives. Broken down, this total includes more than $1,000,000 for the Chromium VRP and Pwnium rewards, and in excess of $1,000,000 for the Google Web VRP rewards," they wrote.

"Today, the Chromium program is raising reward levels significantly. In a nutshell, bugs previously rewarded at the $1,000 level will now be considered for reward at up to $5,000. In many cases, this will be a five-times increase in reward level."

The two added the company will continue to issue even higher payments on a case-by-case basis.

"We'll issue higher rewards for bugs we believe present a more significant threat to user safety, and when the researcher provides an accurate analysis of exploitability and severity. We will continue to pay previously announced bonuses on top, such as those for providing a patch or finding an issue in a critical piece of open-source software," they wrote.

Google is one of many tech companies to offer researchers monetary rewards for spotting security flaws in their products. Facebook issued a massive $20,000 to a security researcher for spotting a critical flaw leaving its users open to attack by hackers. Security news aggregator Packet Storm also runs an ongoing bug bounty program, which offers up to $7,000 for working exploits.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

Windows 10 poll

What are your first impressions of Windows 10?
13%
5%
10%
4%
20%
4%
44%

Popular Threads

Powered by Disqus
V3 Sungard roundtable event - Cloud computing security reliability and scalability discussion

CIOs debate how to overhaul businesses for the digital era

V3 hosts roundtable with Sungard Availability Services

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

IS Systems Support Engineer

Systems Support Engineer, Belfast Area Hays IT, Belfast...

Senior .NET Developer REST C# ASP.NET Web API Finance London

Senior .NET Developer (REST C# MVC ASP.NET Web API RESTful...

Testing analyst

Test Analyst/QA Analyst/Software Tester - Belfast- circa...

Lead .NET Developer ASP.NET Web API C# REST MVC Finance London

Lead .NET Developer (Development Team Leader REST C...
To send to more than one email address, simply separate each address with a comma.