All the latest UK technology news, reviews and analysis

Google ups top security bug reward to $5,000

13 Aug 2013

Google has increased the maximum reward available to researchers participating in its Chromium and Google Web Vulnerability Reward Programs (VRPs) to $5,000 and revealed it has issued over $2m worth of payments to bug hunters.

Google's Chrome security head Chris Evans and security program manager Adam Mein revealed the news in a blog posting, confirming that the company has received 2,000 threat reports from independent researchers since launching the bug bounty programs in 2010. The Google masters said to celebrate the programs' success Google will increase the maximum reward available for finding bugs to $5,000.

"Today we're delighted to announce we've now paid out in excess of $2,000,000 across Google's security reward initiatives. Broken down, this total includes more than $1,000,000 for the Chromium VRP and Pwnium rewards, and in excess of $1,000,000 for the Google Web VRP rewards," they wrote.

"Today, the Chromium program is raising reward levels significantly. In a nutshell, bugs previously rewarded at the $1,000 level will now be considered for reward at up to $5,000. In many cases, this will be a five-times increase in reward level."

The two added the company will continue to issue even higher payments on a case-by-case basis.

"We'll issue higher rewards for bugs we believe present a more significant threat to user safety, and when the researcher provides an accurate analysis of exploitability and severity. We will continue to pay previously announced bonuses on top, such as those for providing a patch or finding an issue in a critical piece of open-source software," they wrote.

Google is one of many tech companies to offer researchers monetary rewards for spotting security flaws in their products. Facebook issued a massive $20,000 to a security researcher for spotting a critical flaw leaving its users open to attack by hackers. Security news aggregator Packet Storm also runs an ongoing bug bounty program, which offers up to $7,000 for working exploits.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus

Tech gifts for Christmas 2014

Is a new tablet on your wish list this festive season, or have they become yesterday’s fad?

Popular Threads

Powered by Disqus
iPhone 6 is available in silver gold and space grey

iPhone 6 video review

The best iOS handset to date

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Linux Systems Administrator - eCommerce - 60-75k + Bonus + Bens

A house hold name in eCommerce is looking to grow their...

Software Engineer

Employment Type: Permanent, Full-time Number of...

Managing Director Technology Group

3/4 Year fixed term appointment with the potential to...

IT Support and Project Technician – Cloud Computing

Company Overview Pygmalion Cloud Solutions, headquartered...
To send to more than one email address, simply separate each address with a comma.