Google's Vulnerability Rewards Program is now offering higher rewards for certain types of critical bugs and some vulnerabilities that experts manage to uncover. Josh Armour, Security Program Manager at Google explained how critical vulnerabilities became much tougher to identify over the course of the last seven years, which is why the Mountain View-based tech giant now decided to offer larger rewards to engineers, researchers, and other industry professionals willing to dedicate enough time to help make Google's products and services more secure.
As of last week, the Vulnerability Rewards Program is offering $31,337 in cash to people who manage to identify an instance of remote code execution in Google's products, the company said. The new figure is more than 50-percent higher than the previous one seeing how Google was so far paying $20,000 for proven instances of remote code execution. Furthermore, the reward for uncovering a vulnerability that allows an attacker to have unrestricted access to a database or a file system is now $13,337, up from $10,000. Armour also revealed how Google started donating all rewards earned by its in-house web security scanner to charities. For example, Rescue.org has so far received more than $8,000 in donations from the Alphabet-owned company and its security scanner. Google is hoping that the new rewards will prompt more experts to probe its products and services for vulnerabilities and will do a better job of rewarding them for their efforts.
Google started the Vulnerability Rewards Program back in 2010 and has been steadily increasing its rewards ever since. As the company's portfolio is gradually becoming more secure, finding new issues with its products and services is getting increasingly more difficult, meaning the company has little choice but to offer higher rewards to experts to convince them to spend their valuable time on probing its offerings. The Mountain View-based Internet giant increased some of its other bug bounties back in mid-2016 and is expected to make similar moves in the future. Apart from this announcement, Google's Security Program Manager also shared some details on how the Vulnerability Rewards Program is currently doing and posted two visual representations of its recent performance by country. Both visualizations can be seen in the gallery below.