Google ups the bounty

Found a security flaw in one of Google’s products? It may bring you a fat paycheck. On its Online Security Blog, Google has announced that the company will be increasing its bounties for serious code execution bugs found in production versions of Google products to $20,000. It will also be paying $10,000 for less severe vulnerabilities like SQL injection flaws as well as $3,133.37 for other vulnerabilities such as cross-site scripting exploits.

780 vulnerabilities have been found by around 200 participants. It's first year of the program saw around $460,000 paid out in bounties. Bounties are only paid to individuals if the vulnerabilities have been disclosed in a responsible manner, allowing Google to fix them before hackers can build proof-of-concept attack code.

One the flip side, Google has decreased the rewards for flaws found in products that are owned by the company, but not yet integrated into the company product line. The company says that it will decide what vulnerabilities qualify as high risk issues and will be paying bounties based on that assessment.

Its Chrome browser reward program runs separately from its other reward programs. It pays out bounties for security problems that can range from $500 to $3,133.70 for a single vulnerability.