With the Vulnerability Reward Program, Google has one of the most popular bug bounty projects and is paying high bonuses to discoverers of security gaps in their own systems. In order to further increase the incentive or keep it stable, the premiums for two categories were increased by several thousand dollars. For the King hack, it is now over 30,000 dollars.
Bug bounty programs are an ingenious invention and serve several purposes at the same time: Hackers and tinkers check systems in their spare time for vulnerabilities and report the gaps found directly to Google or the developing company. In this way, the security of the system is increased by the closed gap and the discoverer gets a relatively high amount of money and also a good reputation. It is a win-win situation for both sides.
In order to continue to be attractive to hackers, and to prevent the ethical hackers from selling of found gaps elsewhere, Google again and again raises the premiums for found gaps. Another reason for the increases is that after many years, of course, it becomes increasingly difficult to discover any gaps and even required more working hours. Just last year, the bonus for a Chrome OS hack was increased to $100,000.
Now, the bonus for a hack or attack in the “Unrestricted file system or database access” category is increased from $10,000 to a total of $13,337. This again brings a geek figure beloved by Google into play. In the second category “Remote Code Execution”, the prize money goes even further up and shoots from now 20,000 dollars to now 31,337 dollars upwards, in view of the fact that this would be a serious security breach.
In the announcement, Google also immediately announces where the hardest hackers came from last year. Most of the news came from China and for the first time the US has only fallen to second place. Right behind this is India, again an Asian country, which is directly followed by Germany. Last year, Germany received 27 percent more reports than in the previous year and the fifth place France also rose by 44 percent.
Last year, according to a few weeks old statistics, Google spent 3 million dollars and paid them to discoverers of the security gaps. For Android alone, more than half a million dollars went into it. It remains to be seen whether this year will the number of bugs reported will be reduced or more bugs will be reported.