Google has raised its bug reward prize five times from $1000 to $5000. “Today, the Chromium program is raising reward levels significantly. In a nutshell, bugs previously rewarded at the $1000 level will now be considered for reward at up to $5000. In many cases, this will be a 5x increase in reward level!,” a Google online security blog post said.
“We’ll issue higher rewards for bugs we believe present a more significant threat to user safety, and when the researcher provides an accurate analysis of exploitability and severity. We will continue to pay previously announced bonuses on top, such as those for providing a patch or finding an issue in a critical piece of open source software,” the blog added.
The Mountain View based company had started vulnerability reward three years ago but didn’t expected it to be hugely popular.
“We had this principle in mind as we launched our Chromium and Google Web Vulnerability Reward Programs. We didn’t know what to expect, but in the three years since launch, we’ve rewarded (and fixed!) more than 2,000 security bug reports and also received recognition for setting leading standards for response time.”
“The collective creativity of the wider security community has surpassed all expectations, and their expertise has helped make Chrome even safer for hundreds of millions of users around the world. Today we’re delighted to announce we’ve now paid out in excess of $2,000,000 across Google’s security reward initiatives. Broken down, this total includes more than $1,000,000 for the Chromium VRP / Pwnium rewards, and in excess of $1,000,000 for the Google Web VRP rewards,” Google said in the blog post.