Skip to main content

Google increases payouts in bug reward program to $500-$15k per bug

While noting that it has fixed over 700 Chrome security bugs and paid out more than $1.25 million through its bug reward program, Google today announced it’s increasing rewards for the program. It also announced some policy changes for the program:

Second, we’ll pay at the higher end of the range when researchers can provide an exploit to demonstrate a specific attack path against our users. Researchers now have an option to submit the vulnerability first and follow up with an exploit later. We believe that this a win-win situation for security and researchers: we get to patch bugs earlier and our contributors get to lay claim to the bugs sooner, lowering the chances of submitting a duplicate report… Third, Chrome reward recipients will be listed in the Google Hall of Fame, so you’ve got something to print out and hang on the fridge.

As for the new rewards, Google is increasing the maximum $5000 payout for bugs to $500-$15,000 per bug. Google has details about what rewards it pays for specific but types here, but it points out that it often pays more than the maximum: “As always, we reserve the right to reward above these levels for particularly great reports. (For example, last month we awarded $30,000 for a very impressive report.)”

In addition, Google said that the new reward levels will be retroactive for submissions from July 1, 2014, meaning it will back-pay researchers for valid submissions made on or after that date.

Google has more info about the specific policy changes in the program in an FAQ on its website.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Jordan Kahn Jordan Kahn

Jordan writes about all things Apple as Senior Editor of 9to5Mac, & contributes to 9to5Google, 9to5Toys, & Electrek.co. He also co-authors 9to5Mac’s weekly Logic Pros series and makes music as one half of Toronto-based Makamachine.


Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications