Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Google announced today that they have increased the payouts for security researchers who privately disclose vulnerabilities in Google Applications. Previously the maximum reward for a single vulnerability was $3,133.70, or $3,133.7 for you leet speakers. With this update to the Google Vulnerability Reward Program, payouts for certain vulnerabilities can now be as high as $20,000. With this higher reward, Google hopes to make it more enticing for security researchers who discover vulnerabilities to report it via "white-hat" methods rather than selling it to buyers who may want to weaponize the information for criminal purposes.
Under the new program, only those vulnerabilities that allow Remote code execution for accounts.google.com, highly sensitive services, or normal Google applications will be able to qualify for the $20,000 reward. Other properties owned by Google, but are not integrated into the following google.com, youtube.com, blogger.com, or orkut.com domains will only qualify for a $5,000 reward. Furthermore, any new acquisitions have a 6 month blackout period after being acquired before they qualify for a reward.
Back to top
