Google has increased the maximum reward available to researchers participating in its Chromium and Google Web Vulnerability Reward Programs (VRPs) to $5,000 and revealed it has issued over $2m worth of payments to bug hunters.
Google's Chrome security head Chris Evans and security program manager Adam Mein revealed the news in a blog posting, confirming that the company has received 2,000 threat reports from independent researchers since launching the bug bounty programs in 2010. The Google masters said to celebrate the programs' success Google will increase the maximum reward available for finding bugs to $5,000.
"Today we're delighted to announce we've now paid out in excess of $2,000,000 across Google's security reward initiatives. Broken down, this total includes more than $1,000,000 for the Chromium VRP and Pwnium rewards, and in excess of $1,000,000 for the Google Web VRP rewards," they wrote.
"Today, the Chromium program is raising reward levels significantly. In a nutshell, bugs previously rewarded at the $1,000 level will now be considered for reward at up to $5,000. In many cases, this will be a five-times increase in reward level."
The two added the company will continue to issue even higher payments on a case-by-case basis.
"We'll issue higher rewards for bugs we believe present a more significant threat to user safety, and when the researcher provides an accurate analysis of exploitability and severity. We will continue to pay previously announced bonuses on top, such as those for providing a patch or finding an issue in a critical piece of open-source software," they wrote.
Google is one of many tech companies to offer researchers monetary rewards for spotting security flaws in their products. Facebook issued a massive $20,000 to a security researcher for spotting a critical flaw leaving its users open to attack by hackers. Security news aggregator Packet Storm also runs an ongoing bug bounty program, which offers up to $7,000 for working exploits.