Less than two weeks after Facebook announced its Bug Bounty program has paid out over $1 million in two years, Google has announced it has crossed the $2 million mark in three. So far, the company has rewarded security researchers for filing more than 2,000 security bug reports via its bounty programs.
The $2 million figure includes more than $1 million for the Chromium VRP and Pwnium rewards as well as over $1 million for the Google Web VRP rewards. In other words, both programs have been quite successful.
To celebrate, Google is raising reward levels for its Chromium program. Bugs previously rewarded at the $1,000 level will now be considered for rewards of up to $5,000, an increase of up to five times in some cases.
“We’ll issue higher rewards for bugs we believe present a more significant threat to user safety, and when the researcher provides an accurate analysis of exploitability and severity,” Google explains. “We will continue to pay previously announced bonuses on top, such as those for providing a patch or finding an issue in a critical piece of open source software.”
Bug bounty programs are seen by many as an excellent addition to existing internal security programs. They help motivate hackers not only to find flaws, but also to disclose them appropriately to the company when they do, rather than using them or selling them for other purposes.
As we’ve mentioned many times before, Mozilla and Facebook offer notable bug bounty programs, and Microsoft recently joined the party as well.