Google Boosts Web Bug Bounties to $20,000

The Vulnerability Reward Program will pay the most for bugs that allow remote code execution on Google's core sites and services.

Computerworld: Google has raised the top payout for its Vulnerability Reward Program (VNP) from $3,133 to $20,000. The company will pay the bounties to security researchers who discover bugs that allow remote code execution against, and other core domains or against "highly sensitive services" such as Google Wallet, Gmail and Google Play. The company will pay $10,000 to researchers who find SQL injection bugs or "significant" authentication bypass or data leak vulnerabilities. Other bugs merit payments between $100 and $3,133, depending on how critical they are.

To date, VRP has paid out $460,000 to approximately 200 researchers who made 780 bug reports. "We're confident beyond any doubt the program has made Google users safer," the company blogged.

Tags: Google, security vulnerabilities, bounty

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.