Google increases vulnerability reporting reward to $20,000
updated 06:25 pm EDT, Mon April 23, 2012
Google raises Vulnerability Reward Program prizes
Google has updated the bounties for its Vulnerability Reward Program. Users who report a bug from one of Google's products stand to earn up to $20,000 for each potential vulnerability declared to the search giant.
The $20,000 bounty can be achieved by finding a vulnerability that would allow execution of code on Google production systems. People discovering SQL injection and similar levels of issues can receive $10,000, with the lesser original values of $3,133.70 and $1,337 for cross-site scripting. The lowest possible reward amount is $100.
Launched in November 2010 as a way to secure services provided by Google and subsidiaries, the program originally offered values up to $3,133.70, a numerical pun based on “leetspeak,” and has paid over $410,000 in bounties to 730 qualifying bug reports.
