Computerworld: Google has raised the top payout for its Vulnerability Reward Program (VNP) from $3,133 to $20,000. The company will pay the bounties to security researchers who discover bugs that allow remote code execution against google.com, youtube.com and other core domains or against “highly sensitive services” such as Google Wallet, Gmail and Google Play. The company will pay $10,000 to researchers who find SQL injection bugs or “significant” authentication bypass or data leak vulnerabilities. Other bugs merit payments between $100 and $3,133, depending on how critical they are.
To date, VRP has paid out $460,000 to approximately 200 researchers who made 780 bug reports. “We’re confident beyond any doubt the program has made Google users safer,” the company blogged.