Google increases the reward by 5 times for hackers who discover security errors in its services
Google has just announced that it will increase payments 5 times to hackers who find bugs/vulnerabilities that exist in its systems and applications, and are reported through the Vulnerability vulnerability discovery reward program. Rewards Program. The new maximum compensation is $151,515 for a security vulnerability, depending on difficulty and severity.
Explaining this decision, Google said: ' Our system becomes more secure over time. We know that vulnerabilities will still exist, but it takes more effort to find them. Therefore, raising the bounty level would be a suitable incentive for hackers '.
The new highest reward is "$101,010 for a critical remote code execution (RCE) vulnerability in popular Google products, with a 1.5x modification applied for exceptional quality reporting." difference, equivalent to 151,515 USD). Note that only vulnerability reports submitted starting from July 11 are eligible to be paid under the new reward level.
In addition to offering higher payouts, Google also recently expanded payment options, including the ability to receive payments through Bugcrowd. The updated Reward Amounts section of the Google VRP ruleset will provide more information about Google's changes to reward amounts and the new payment structure.
Last week, Google launched kvmCTF, a new VRP announced for October 2023 that aims to improve the security of Kernel-based Virtual Machine (KVM) hypervisors. kvmCTF focuses on VM-accessible bugs in KVM hypervisors, and offers a $250,000 reward for full exploitation.
Last year, the company also tripled the reward for successful exploitation of the Chrome sandbox vulnerability chain until December 1, 2023.
Since the Vulnerability Reward Program (VRP) was launched in 2010, Google has paid out more than $50 million in bounties to security researchers, representing more than 15,000 discovered vulnerabilities. report.
Last year alone, Google paid out $10 million, with the highest award awarded in a single case being $113,337.
The highest VRP reward ever is $605,000, paid to a security researcher nicknamed gzobqq in 2022, for discovering a series of five security flaws in the Android exploit chain. The same hacker reported another significant Android exploit chain in 2021, earning a reward of $157,000.
The reward program for detecting security errors is a great idea, helping service providers take advantage of resources from the community to perfect their products. This is a type of win-win cooperation that not only helps motivate individuals and hacker groups to not only find security vulnerabilities, but also reveal how to exploit or fix these vulnerabilities quickly. properly, instead of taking advantage of them for personal gain, breaking the law or worse, selling them to black organizations.
In general, the cost of rewarding security researchers is often nothing compared to the damage and the amount of money spent to overcome the consequences of that vulnerability.
You should read it
- Google will start deleting photos, comments, pages and more on Google+ from April
- 11 products of Google are little known
- 18 interesting 'bombs' of Google
- 14 great features on Google you may not know yet
- Interesting search engines on Google that you may not know yet
- 10 creative ways to use Google Keep every day
- Some tips to help you master Google Duo
- 3 tips for effective use of Google revealed by Google employees
- Google+ is oriented to be the next version of Google
- Google - When the Giants become too big
- Google Drive 4,2021.46200, Download Google Drive here
- How to log out of your Google account on devices
Maybe you are interested
Latest Unemployment Code for Immortal Cultivation and how to redeem code for rewards
Learn about Pokémon Buddy in Pokemon GO - Walk your pet and earn rewards
Detecting software vulnerabilities Samsung can be rewarded with 1 million USD
Latest Alo Ngo Khong code and how to enter reward code
Google opens the door to real money rewards games on the Play Store
Ways to collect rewards in Sonic Speed Simulator