To mark the anniversary of Google’s Vulnerability Reward Program, the search giant has announced a collaboration with the security research community and has received over 780 qualifying vulnerability reports spanning the hundreds of Google-developed services, as well as software written by the fifty or so companies that Google has acquired. The program paid out around $460,000 to roughly 200 individuals in just over a year. The company is rolling out updated rules for the program, which include new reward amounts for critical bugs:
- $20,000 for qualifying vulnerabilities that the reward panel determines will allow code execution on our production systems.
- $10,000 for SQL injection and equivalent vulnerabilities; and for certain types of information disclosure, authentication, and authorization bypass bugs.
- Up to $3,133.7 for many types of XSS, XSRF, and other high-impact flaws in highly sensitive applications.