Google is in the news again, this time for some large monetary figures: the company has recently paid its researchers over $2 million in security rewards for fixing more than 2000 bugs.
The figure consists of $1 million for Chromium VRP and Pwnium rewards and $1 million for Google Web VRP rewards. Both programs have thus been successful. A week ago Facebook announced that its bug bounty program had paid out about $1 million over two years, and now Google claims its figure has crossed the $2 million mark in 3 years.
To date, researchers have successfully filed more than 200 security bug reports through its bounty programs. To celebrate, Google raised the reward levels for its Chromium program, which were initially $1000, by $500, i.e. an increase of up to 5 times in some cases.
These bug bounty programs seem to work well, as they have provided an excellent addition to internal security programs. Hackers are able to find flaws and disclose them to the company in an appropriate manner, rather than opting to use or sell them for other purposes.
Google reported that it will issue higher rewards for bugs that it believes pose a threat to user safety, and when the researcher provides an accurate analysis of exploitability and severity. Google promises to continue paying the previously announced bonuses on top, such as those for providing a patch or finding a critical issue in open source software.
Reports also suggest that Mozilla and Facebook have offered notable bug bounty programs many times before, and that even Microsoft is actively showing interest in them. Any researcher who has not yet given Google software a go should check the document named Reporting Security Bugs and Reward Nomination Process.