Google offers security flaw hunters $3,000 bounty

The company has already given out rewards of $4,000,000 to security researchers since 2010

Google has launched a new security rewards programme, designed to help the search giant find more vulnerabilities and fix them more efficiently.

The Vulnerability Research Grants scheme will reward security researchers with enhanced bounties should they uncover a bug - before they even submit it to Google. The rewards will also apply for bugs uncovered in mobile apps developed by Google and available for distribution on Google Play and iTunes.

Advertisement - Article continues below

Google said with its own security team and those outside of the organisation searching for bugs, it can be difficult to find new vulnerabilities, which is why Google has increased the level of rewards on offer.

Google security engineer Eduardo Vela Nava said on the company's blog: "We'll publish different types of vulnerabilities, products and services for which we want to support research beyond our normal vulnerability rewards.

"We'll award grants immediately before research begins, with no strings attached. Researchers then pursue the research they applied for, as usual. There will be various tiers of grants, with a maximum of $3,133.70."

The minimum level of reward will be $500 in the newly launched services and features category, while for sensitive product security research and security improvement efficacy research, prizes will start at $1,337.

Advertisement - Article continues below

In September last year, Google increased the bug bounty for flaws found within Chrome to $15,000. Tim Willis, hacker philanthropist on the Chrome Security Team said at the time: "We'll pay at the higher end of the range when researchers can provide an exploit to demonstrate a specific attack path against our users.

Advertisement - Article continues below

"Researchers now have an option to submit the vulnerability first and follow up with an exploit later. We believe that this a win-win situation for security and researchers: we get to patch bugs earlier and our contributors get to lay claim to the bugs sooner, lowering the chances of submitting a duplicate report."

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now


cloud backup

Google Backup and Sync review: That syncing feeling

17 Mar 2020

10 quick tips to identifying phishing emails

16 Mar 2020
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020
Google Android

Android 11 developer access arrives earlier than expected

20 Feb 2020

Most Popular

Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Mobile Phones

Apple lifts iPhone purchase restrictions

23 Mar 2020