Google Announces Increase in Vulnerability Rewards
The highest available reward is now $7,500.
Google recently announced a significant increase in the rewards offered through its bug bounty program, which has paid out $828,000 to more than 250 different people since its launch in November 2010 (h/t Threatpost).
Key changes are as follows:
- Cross-site scripting (XSS) bugs on https://accounts.google.com now receive a reward of $7,500 (previously $3,133.7). Rewards for XSS bugs in other highly sensitive services such as Gmail and Google Wallet have been bumped up to $5,000 (previously $1,337), with normal Google properties increasing to $3,133.70 (previously $500).
- The top reward for significant authentication bypasses / information leaks is now $7,500 (previously $5,000).
In a blog post announcing the increased rewards, Google security team members Adam Mein and Michal Zalewski noted that many bug finders have doubled their rewards by donating them to charity. "For example, one of our bug finders decided to support a school project in East Africa," they wrote.