Google has announced a significant increase in rewards for its Google Bug Hunters program for finding bugs in code. The company will now offer more generous cash prizes to enthusiasts, developers and hackers who discover vulnerabilities.
Image source: Copilot
According to PCMag, rewards are increased by up to 5 times, with the maximum payout increasing to $151,515. “We’re excited to announce that we’re updating our rewards by up to five times,” said Google security engineers Sam Erb and Krzysztof Kotowicz.
For example, the basic reward for discovering a logical error that allows you to take control of an account in the Google system has increased from $13,337 to $50,000. For detailed and high-quality reports on the vulnerabilities found, the company is willing to pay $75,000. At the same time, the maximum amount of the basic reward will be $101,010 , however, taking into account the coefficient for a high-quality report, the reward could increase to $151,515.
Erb and Kotovich explained that these coefficients were introduced to encourage the provision of clearer and more complete reports, similar to the vulnerability scanning programs for mobile devices, Chrome and Android (Mobile VRP, Chrome VRP and Android VRP). Program participants can expect one of three coefficients, depending on the quality: 1.5x for exceptional quality, 1.0x for good quality, and 0.5x for poor quality.
Let’s remember that Google’s vulnerability scanning program was launched in 2010. Since then, the company has paid out $59 million in bounties to third-party developers. The year 2022 became a record year for payments, when the amount reached $12 million. New reward rules for the Google Bug Hunters program went into effect on July 11.