The program is called Vulnerability Reward Program (VRP) and they recently raised it to $20,00o as the maximum reward. The reward was designed to encourage users to report any bugs or security glitches they may find on websites like google.com, youtube.com, Google Wallet, Google Play, and Gmail.
Google Inc. (NASDAQ:GOOG) will also offer a $20,000 reward to those who can find remote flaws in the coding of Google’s web applications and a $10,000 reward to those who discover SQL injection bugs or data leak vulnerabilities. Payments for other glitches like cross-site scripting and cross-site request forgery range from $100 to $3,133. That amount will vary on several conditions including the location and the severity of the problem.
Google’s security team manager Adam Mein stated that the more reports they get, the more they bugs they fix. The end result is good for everyone.
Since they first launched their Vulnerability program back in November 2010, the company paid out $460,000. There was 11,000 reports of software flaws, over 780 of them qualified payout rewards of at least $300 to the maximum amount.
Most of the users who receive a bounty reward are seasoned tech experts like computer security professionals, website owners, even engineering students.
In March, Google paid two researchers $60,000 during the Chrome Hacking contest they held at the CanSecWest conference in Pwinium.
It’s a good thing that Google is willing to work with outside professionals and reward them in the process. This shows that they’re staying ahead of the curve and making changes if necessary. And once the word gets out that Google is increasing their pay rates for Vulnerability Reward Program, more professionals will want to be part of it.
Sometimes it takes a collective group effort to get things done and Google has recognizes that.