Google Announces Big Increase For Bug Bounty Rewards

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Bugs previously rewarded at the $1,000 level will now be considered for reward at up to $5,000, Google says

Google has once again stepped up its vulnerability hunting game, saying bug bounty rewards will be increased by as much as five times.

The tech titan also revealed it has now handed out more than $2 million (£1.3m) in bug bounties, across its Chromium, Google Web and Pwnium rewards.

Bug bounty boost

“Bugs previously rewarded at the $1,000 level will now be considered for reward at up to $5,000. In many cases, this will be a 5x increase in reward level! We’ll issue higher rewards for bugs we believe present a more significant threat to user safety, and when the researcher provides an accurate analysis of exploitability and severity,” said Google’s “masters of coin” and security rewards leads Chris Evans and Adam Mein.

“We will continue to pay previously announced bonuses on top, such as those for providing a patch or finding an issue in a critical piece of open source software.

“In the three years since launch, we’ve rewarded (and fixed!) more than 2,000 security bug reports and also received recognition for setting leading standards for response time.”

As vulnerability researchers look to sell their findings to the highest bidder – often not the owner of the flawed software – tech giants have had to increase the amount they offer in bug bounty schemes.

Google, as well as increasing bounties, has been pressuring the security community to find and patch flaws more quickly. In May, it decided it would publicly reveal flaws it found in others’ software within seven days. That was down from two months.
