If you have been working to find vulnerabilities and exploits and offer patches for those flaws, whether for Google or any other Internet company, read on.
The search giant has upped the ante for its bug bounty program by raising the reward to as much as $15,000. Previously, white hat hackers who worked to find system bugs and vulnerabilities received only $5,000.
With the increased rate, Google is hoping that more supporters of its bug bounty program will come forward to help protect its users from attackers. Google is targeting hard-to-detect bugs in particular, which is why it decided to offer higher rewards.
In addition to the high rewards at stake, Google also promises its contributors a slot in its Hall of Fame for white hat hackers that have uncovered large exploits.
For researchers who might want to sell their discovery on the black market instead of reporting it to Google, the search giant has a message:
We understand that our cash reward amounts can be less than these alternatives, but we offer you public acknowledgement of your skills and how awesome you are, a quick fix and an opportunity to openly blog/talk/present on your amazing work (while still offering you a very healthy financial reward for your work!). Also, you’ll *never* have to be concerned that your bugs were used by shady people for unknown purposes.
So far, the Mountain View company has identified more than 700 security bugs in its Chrome browser alone since the bug bounty program began in coordination with the research community. That translates to more than $1.25 million in rewards to white hat hackers who successfully found those bugs or developed fixes for them.
The increased bug bounty reward is Google’s way of recognizing the additional effort that white hat hackers put into finding system and network flaws in Google’s services. But the $15,000 maximum reward is meant only for bugs that would have a high-severity impact if left unattended. So there is still a hierarchy in the reward process: the more severe the bug discovered, the higher the reward.
But Google has demonstrated that it is willing to pay more than that. In August, it awarded $30,000 to a researcher for discovering severe bugs in the Google Chrome sandbox. The reward will also depend on how many users could potentially be affected.
That means researchers can receive higher rewards if they develop an exploit that demonstrates how attackers could abuse a particular bug for malicious activity.
Google says this is a win-win deal with the white hat community, and it hopes the refreshed bug bounty program will reduce duplicate reports.