Google has tripled rewards for revealing the weaknesses in its network under the Google Play Security Reward Program and the Chrome Vulnerability Reward Program. Digital bounty hunters now stand a chance to make much more money from Google.
Google has already paid over $15 million to researchers who check for security breaches since the inception of the bug bounty program in 2010. The bug bounty programs have complemented the organization's existing internal work on security issues and concerns. The program has motivated individuals and hackers to find flaws in the system and disclose them to the tech giant. Rewarding hackers in this way has stopped them from using the flaws maliciously or selling them to parties that could potentially threaten the Google security system.
Experts from Google agree that rewarding security researchers with bounties costs little compared with paying for a severe security snafu. The Chrome Vulnerability Rewards Program has received more than 8,500 reports of potential security threats with a payout of only $5 million since 2010. Google's smart move has secured not only Chrome but also other Chromium-related browsers. With hackers at its beck and call, Google has now tripled the baseline reward amount from $5,000 to $15,000. The maximum reward has also been doubled from $15,000 to $30,000, and the bonus for bugs found via the Chrome Fuzzer Program has doubled from $500 to $1,000. Google is focused on developing a high-quality reporting system with updated bug categories.
For Chrome OS systems, Google has increased the standing reward from $100,000 to $150,000 for exploit chains that can compromise a Chromebox or Chromebook with persistence in guest mode. The company has also tripled the reward for theft of insecure private data and protected app components from $1,000 to $3,000.
This initiative also adds reward categories for security bugs in lock screen bypasses and firmware. Bug bounty programs have become an established strategy among tech companies for incentivizing individuals and hackers to highlight flaws in their systems.
This strategy has become popular and successful because it is highly lucrative for these researchers. Although the sums earned by non-contracted workers seem eye-watering, the program is reasonably cost-effective for Google. The enormous financial and reputational damage that cyber-attacks can cause justifies the expenditure.