
This article was published on August 12, 2013

Three years in, Google has paid researchers over $2 million in security rewards and fixed more than 2,000 bugs



Less than two weeks after Facebook announced its Bug Bounty program has paid out over $1 million in two years, Google has announced it has crossed the $2 million mark in three. So far, the company has rewarded security researchers for filing more than 2,000 security bug reports via its bounty programs.

The $2 million figure includes more than $1 million for the Chromium VRP and Pwnium rewards as well as over $1 million for the Google Web VRP rewards. In other words, both programs have been quite successful.

To celebrate, Google is raising reward levels for its Chromium program. Bugs previously rewarded at the $1,000 level will now be considered for reward at up to $5,000, an increase of up to five times in some cases.

“We’ll issue higher rewards for bugs we believe present a more significant threat to user safety, and when the researcher provides an accurate analysis of exploitability and severity,” Google explains. “We will continue to pay previously announced bonuses on top, such as those for providing a patch or finding an issue in a critical piece of open source software.”


Bug bounty programs are seen by many as an excellent addition to existing internal security programs. They help motivate hackers not only to find flaws, but also to disclose them appropriately to the company when they do, rather than using them or selling them for other purposes.

As we’ve mentioned many times before, Mozilla and Facebook offer notable bug bounty programs, and Microsoft recently joined the party as well.

If you’re a security researcher but still haven’t given Google’s software a go, you’ll want to check out the following documentation: Reporting Security Bugs and Reward Nomination Process.


Top Image Credit: Kimihiro Hoshino/Getty Images
