Google ups (some) bug bounties
Posted on 07 June 2013.
Google has once again decided to raise the sums that researchers can earn by offering information about bugs in the company's web services and properties (YouTube, Blogger, Orkut, Google Search, and so on).

Information about cross-site scripting (XSS) flaws is now worth $7,500 (up from $3,133.7), while information about Gmail and Google Wallet bugs is now worth $5,000 (previously $1,337).

XSS vulnerabilities on other properties, which were previously worth $500, are now rewarded with $3,133.7, and finally, information about authentication bypasses / information leaks is now worth $7,500.

Remote code execution bugs and SQL injection vulnerabilities are still at the top of the list of bugs for which Google offers the biggest rewards.

This most recent increase of bug bounties is due to the fact that most of the easily found vulnerabilities have already been reported, and researchers must invest more of their time and effort in finding new ones.

"Since introducing our reward program for web properties in November 2010, we’ve received over 1,500 qualifying vulnerability reports that span across Google’s services, as well as software written by companies we have acquired," stated Adam Mein and Michal Zalewski from the Google Security Team. "We’ve paid $828,000 to more than 250 individuals, some of whom have doubled their total by donating their rewards to charity."

