Google Makes Major Fivefold Increase To Payments In Its Vulnerability Reward Program

Search engine giant Google has just rolled out a fivefold increase in payments made in its Vulnerability Reward Program.

The company’s world-famous initiative gives security researchers and hackers a financial incentive to look for bugs in its systems and report them to the company, which then rewards them with cash.

The new maximum bounty has been set at $151,515 for a single reported security flaw.

As systems become more secure over time, it takes much longer to find bugs, and with that in mind, the company is excited to make this change. Rewards can now go up to five times their previous value.

The latest maximum combines a $101,010 reward for some of the organization’s most sensitive offerings with a 1.5 times modifier, which applies to reports of the best quality.

Meanwhile, vulnerability reports submitted to the company from July 11th at 00:00 UTC onward are eligible for the new bounty reward values published today.

Additionally, the bigger payments are accompanied by better payment options, including Bugcrowd.

More details about Google’s changes on this front were published in the Reward Amounts section of the company’s VRP rules, which covers not only the reward amounts but also the latest payment structure.

Last week, the search engine giant announced how it was improving the security of its KVM hypervisor by rewarding the discovery of VM-reachable bugs, with bounties reaching $250k for full exploits on the VM.

Close to a year ago, the Android maker enhanced rewards for exploits found by tech experts in its Chrome Sandbox.

The company’s VRP was first rolled out in 2010, and since then Google has paid close to $50M in bounties to security experts who have reported up to 15k vulnerabilities.

In 2023 alone, the search engine giant paid out close to $10M, with the biggest reward paid to bounty hunters coming to nearly $113,330.

So far, the company’s greatest VRP bounty stands at $605,000 and was awarded to gzobqq nearly two years back. This was for a total of five security faults the researcher found in an Android exploit chain. Meanwhile, the security expert says another leading Android report, submitted in 2021, led to the detection of an exploit for which the payout was $157k.

