Thursday, February 5, 2015

Google To Increase Bug Bounty For Security Researchers

Google is known for offering bug bounties to security researchers. The company takes the security of its products very seriously. Google has reportedly distributed $1.5 million to security researchers for vulnerability reports in 2014. The money was distributed to over 200 researchers for 500 bug reports. Now, the company is increasing the bounty amount.




Google started paying rewards to security researchers in 2010. It has paid out $4 million in bug bounties since then. Google pays a bug bounty to researchers after their bug reports are approved by Google. The company is implementing a new payout strategy for security researchers. Google is expanding its scope with a new program, the Vulnerability Research Grant. Google will pay researchers between $500 and $3,133.70 from this grant. Google is trying to implement a new strategy in which the company will pay out the bug bounty before research is submitted.

The official press release of this program explains how Google values the time and effort of security researchers. The company has planned to include top performing and frequent vulnerability researchers and invited experts in the Vulnerability Reward Program for now. Google wants to reward these security researchers' time and attention even if they don't find vulnerabilities. Google doesn't mind paying a researcher under the Vulnerability Research Grant even if he doesn't find a vulnerability.

The research grant will be applicable to Google's highly sensitive services like Google Search, Wallet, Inbox, Code Hosting, Chrome Web Store, Google App Engine, Google Admin, Google Developers Console and Google Play. Finding bugs in Google products is highly difficult. Google has published statistics on the bugs reported in 2014.

Google has mentioned in the press release that the main objective of the grant is to look for vulnerabilities. The company does not expect that vulnerabilities will be found very often. Google has stated, "Receiving a grant and not finding anything doesn't affect your chances of receiving a new one. The information in the survey of what you looked at and the results will be valuable for us." Google's statistics for bugs in 2014 reveal that the largest volume of bugs came from Europe and Asia. Google received more valid reports from security researchers in Africa than in the USA.
