Tuesday, 24 April 2012

Hack for Cash: Google boosts monetary prize for security exploits

Are you in need of a quick $20,000? Hack Google and you just might get that bounty. Earlier this week, Google announced a substantial increase in the top prize rewarded for hacking their products as part of its Vulnerability Reward Program.

Google uses the program as a relatively inexpensive way to utilize independent programmers and hackers to debug their products.

The new program looks something like this:



While the update substantially increases rewards in some areas (the previous top prize was only $3,133.7), in others, the prize was substantially reduced. According to Google, the redistribution of prizes is aimed at focusing efforts on areas that have the most potential to harm users.

To help focus the research on bringing the greatest benefit to our users, the new rules offer reduced rewards for vulnerabilities discovered in non-integrated acquisitions and for lower risk issues. For example, while every flaw deserves appropriate attention, we are likely to issue a higher reward for a cross-site scripting vulnerability in Google Wallet than one in Google Art Project, where the potential risk to user data is significantly smaller.

So far, Google has doled out around $460,000 to about 200 individuals and says the program has “beyond any doubt” made their products safer.

No comments:

Post a comment