Fixing bugs and maintaining top-notch security are of paramount importance to any Internet establishment. For a while now, Google has been rewarding those who've been helping it fix more bugs, and it has been doing this through its Web Vulnerability Reward Program. Now, considering the difficulty involved in finding bugs in Google's “most critical applications”, the search giant has announced that it is increasing the rewards for another group of bug categories, in addition to rolling out updated rules.
More handsome rewards now
If you manage to fix cross-site scripting (XSS) bugs on https://accounts.google.com, you now stand to receive a reward of $7,500 (previously $3,133.7). Not only that, rewards for fixing XSS bugs in other highly sensitive services – Gmail and Google Wallet – have been hiked too; they are now $5,000, up from $1,337. The highest reward for significant authentication bypasses/information leaks is now $7,500, up from an earlier $5,000.
Google started its Web Vulnerability Reward Program in November 2010. Since then, Adam Mein and Michal Zalewski from Google's Security Team claim that they have received over 1,500 qualifying vulnerability reports from across Google's services and software by companies they acquired. “We’ve paid $828,000 to more than 250 individuals, some of whom have doubled their total by donating their rewards to charity. For example, one of our bug finders decided to support a school project in East Africa,” they revealed.