IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Google offers security flaw hunters $3,000 bounty

The company has already given out rewards of $4,000,000 to security researchers since 2010

A red padlock with a binary code label surrounded by circuits.

Google has launched a new security rewards programme, designed to help the search giant find more vulnerabilities and fix them more efficiently.

The Vulnerability Research Grants scheme will reward security researchers with enhanced bounties should they uncover a bug - before they even submit it to Google. The rewards will also apply for bugs uncovered in mobile apps developed by Google and available for distribution on Google Play and iTunes.

Google said with its own security team and those outside of the organisation searching for bugs, it can be difficult to find new vulnerabilities, which is why Google has increased the level of rewards on offer.

Google security engineer Eduardo Vela Nava said on the company's blog: "We'll publish different types of vulnerabilities, products and services for which we want to support research beyond our normal vulnerability rewards.

"We'll award grants immediately before research begins, with no strings attached. Researchers then pursue the research they applied for, as usual. There will be various tiers of grants, with a maximum of $3,133.70."

The minimum level of reward will be $500 in the newly launched services and features category, while for sensitive product security research and security improvement efficacy research, prizes will start at $1,337.

In September last year, Google increased the bug bounty for flaws found within Chrome to $15,000. Tim Willis, hacker philanthropist on the Chrome Security Team said at the time: "We'll pay at the higher end of the range when researchers can provide an exploit to demonstrate a specific attack path against our users.

"Researchers now have an option to submit the vulnerability first and follow up with an exploit later. We believe that this a win-win situation for security and researchers: we get to patch bugs earlier and our contributors get to lay claim to the bugs sooner, lowering the chances of submitting a duplicate report."

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Apple executive rejoins Google over remote work policy
flexible working

Apple executive rejoins Google over remote work policy

18 May 2022
Here’s the first look at Google’s new Bay View campus
Business operations

Here’s the first look at Google’s new Bay View campus

17 May 2022
Google offers UK SMBs £87,000 scholarships to boost tech skills
Careers & training

Google offers UK SMBs £87,000 scholarships to boost tech skills

10 May 2022
Google Cloud confirms it is building a dedicated team to support Web3 developers
Cloud

Google Cloud confirms it is building a dedicated team to support Web3 developers

9 May 2022

Most Popular

Europe's first autonomous petrol station opens in Lisbon
automation

Europe's first autonomous petrol station opens in Lisbon

23 May 2022
Nvidia pauses hiring to help cope with inflation
Careers & training

Nvidia pauses hiring to help cope with inflation

23 May 2022
Windows 11's nifty new search feature has one major downside
Microsoft Windows

Windows 11's nifty new search feature has one major downside

23 May 2022