After three years and $2million in payouts, Google’s bug bounty program has not only strengthened Chromium browser and related apps but, also filled the pockets of quite a few security researchers. With the decrease in number of vulnerabilities that are being reported, Google has now decided to up the ante by increasing the $1,000 level payout to up to $5,000.
“In a nutshell, bugs previously rewarded at the $1,000 level will now be considered for reward at up to $5,000. In many cases, this will be a 5x increase in reward level!” announced Chris Evans and Adam Mein through a Google blog post.
Google will continue to payout bonuses to researchers, despite the increase in base payments, for vulnerabilities in code that was either thought to be stable or when a bug affects not only Chromium but, also other software.
Beyond the announcement about the increase in payouts, the Masters of coin duo also revealed some interesting figures about the bug bounty payouts. Google launched two vulnerability reward programs – Chromium and Google Web – in a bid to better secure its software, users and to build a relationship with security researchers across the globe. The $2 million in payouts include over $1 million paid out through the Chromium VRP as well as Pwnium and the rest has been paid out through Google Web VRP.
Sergey Glazunov, who is known for his Chrome bug hunting skill, has netted over $150,000 till date. Other familiar names in the Security Hall of Fame are PinkiePie and miaubiz who have netted over $100,000 each.