Google Updates Vulnerability Reward Program Reward To $20,000

Posted on Apr 24 2012 - 4:45am by Editorial Staff

In order to market the anniversary of Google’s Vulnerability Reward Program, the search giant has announced a collaboration with the security research community and have received over 780 qualifying vulnerability reports that span across the hundreds of Google-developed services, as well as the software written by fifty or so companies that Google have acquired. The program paid out around $460,000 to roughly 200 individuals in just over a year time. The company rolling out updated rules of the program which even includes new reward amounts for critical bugs:

  • $20,000 for qualifying vulnerabilities that the reward panel determines will allow code execution on our production systems.
  • $10,000 for SQL injection and equivalent vulnerabilities; and for certain types of information disclosure, authentication, and authorization bypass bugs.
  • Up to $3,133.7 for many types of XSS, XSRF, and other high-impact flaws in highly sensitive applications.
About the Author

Editorial Staff at I2Mag is a team of subject experts.