Google offers security flaw hunters $3,000 bounty

The company has already given out rewards of $4,000,000 to security researchers since 2010

Google has launched a new security rewards programme, designed to help the search giant find more vulnerabilities and fix them more efficiently.

The Vulnerability Research Grants scheme will reward security researchers with enhanced bounties should they uncover a bug - before they even submit it to Google. The rewards will also apply for bugs uncovered in mobile apps developed by Google and available for distribution on Google Play and iTunes.

Google said with its own security team and those outside of the organisation searching for bugs, it can be difficult to find new vulnerabilities, which is why Google has increased the level of rewards on offer.

Google security engineer Eduardo Vela Nava said on the company's blog: "We'll publish different types of vulnerabilities, products and services for which we want to support research beyond our normal vulnerability rewards.

"We'll award grants immediately before research begins, with no strings attached. Researchers then pursue the research they applied for, as usual. There will be various tiers of grants, with a maximum of $3,133.70."

The minimum level of reward will be $500 in the newly launched services and features category, while for sensitive product security research and security improvement efficacy research, prizes will start at $1,337.

In September last year, Google increased the bug bounty for flaws found within Chrome to $15,000. Tim Willis, hacker philanthropist on the Chrome Security Team said at the time: "We'll pay at the higher end of the range when researchers can provide an exploit to demonstrate a specific attack path against our users.

"Researchers now have an option to submit the vulnerability first and follow up with an exploit later. We believe that this a win-win situation for security and researchers: we get to patch bugs earlier and our contributors get to lay claim to the bugs sooner, lowering the chances of submitting a duplicate report."

Featured Resources

Seven steps to connect and empower your frontline workers

How business leaders can improve communication with a secure platform

Free download

Create what’s next

The future of collaboration and productivity

Free Download

Leveraging the cloud without relinquishing control

Your data. Their cloud.

Free download

Re-architecting for nonstop innovation

Unlocking productivity, scalability, and lower costs for cloud natives

Free Download

Recommended

Gmail vs Outlook.com: Which one is better?
email providers

Gmail vs Outlook.com: Which one is better?

26 Nov 2021
Hacked Google Cloud Platform instances are riddled with cryptominers
cloud computing

Hacked Google Cloud Platform instances are riddled with cryptominers

26 Nov 2021
Podcast transcript: Can the US take on big tech?
Policy & legislation

Podcast transcript: Can the US take on big tech?

19 Nov 2021
The IT Pro Podcast: Can the US take on big tech?
Policy & legislation

The IT Pro Podcast: Can the US take on big tech?

19 Nov 2021

Most Popular

How to speed up Microsoft's Windows 11
Microsoft Windows

How to speed up Microsoft's Windows 11

9 Nov 2021
Nike to take customers into the metaverse with 'NIKELAND'
virtualisation

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

12 Nov 2021