Google reveals major increase in bug bounty rewards — so get hunting

Finding a Remote Code Execution flaw discovery can buy you a year-long vacation

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Googlehas increased the payouts in its bug bounty program by a factor of five as it looks to further incentivize security researchers.

The company’s information security engineers Sam Erb and Krzysztof Kotowicz wrote that since its products have gotten more secure, finding bugs has become a lot more challenging. This increase in difficulty will now be reflected in the rewards.

“As our systems have become more secure over time, we know it is taking much longer to find bugs – with that in mind, we are very excited to announce that we are updating our reward amounts by up to 5x, with a maximum reward of $151,515 USD ($101,010 for an RCE in our most sensitive products, with a 1.5x modifier applied for exceptional report quality = $151,515),” the researchers said.

Starting on July 11

It is also worth mentioning that Google introduced an additional modifier, depending on the quality of the report. Low quality reports will get a 0.5x reward amount modifier, good quality ones 1x modifier, and exceptional quality ones 1.5x modifier. A more detailed breakdown of the rewards can befound onthis link.

Google said that the new rewards tier starts on July 11, at 00:00 UTC and only applies to vulnerabilities submitted after this moment. Furthermore, the company recently introduced additional payment options, such as the ability to receive payments via Bugcrowd.

The search engine behemoth kickstarted its Vulnerability Reward Program (VRP) more than a decade ago, in 2010. Since then, it paid more than $50 million in bounties,BleepingComputerreports, to security researchers who discovered more than 15,000 vulnerabilities. Just last year, it paid out $10 million in bug bounties, with the highest reward being $113,337.

More from TechRadar Pro

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics