In 2023, Google distributed a total of 10 million dollars (approx. HUF 3.6 billion) for revealing vulnerabilities and errors hidden in its various products and services, which is slightly less than the 12 million dollars paid during the 2022 bug hunting program, but showed stable interest in the Vulnerability Reward Program towards.
The program can be made even more attractive by the search giant a few days ago announced: continues to increase the amounts due for reporting errors found in its systems and applications through the Vulnerability Reward Program, a single security error can be worth a maximum reward of 151,515 dollars, i.e. approximately HUF 55 million. For vulnerabilities reported since July 11, the company already applies the new fee schedule when determining payments, citing that now it can be even more difficult to detect bugs in its services, which have become more and more secure over the years.
In some categories, it can be up to five times the old reward, depending on the different types and severity of security errors: instead of the previous $13,337, reporting a logical error that could lead to the theft of an @gmail.com account, but an XSS vulnerability, can be worth up to $75,000 can be worth 15 thousand dollars.
Hello, this year’s SYSADMINDAY is here!This year, we will also organize the domestic Sysadminday at an outdoor location. After busy months, this is a good opportunity to meet friends and colleagues. |
Hello, this year’s SYSADMINDAY is here!
This year, we will also organize the domestic Sysadminday at an outdoor location. After busy months, this is a good opportunity to meet friends and colleagues.
A code injection vulnerability affecting Google’s servers can cost $101,000. The company also introduces the quality of the submitted documentation as a plus factor, which if careless than necessary, the amount can be reduced by half, but extremely thorough documentation can increase the value of the payment up to one and a half times.
Since the launch of the Vulnerability Reward Program (VRP) in 2010, Google has paid more than $50 million in rewards to security researchers for discovering more than 15,000 vulnerabilities, and the program reached its peak in 2022, with an annual payout of $12 million at the time .
Who are bug hunters and why is it good to work with them? What motivates such an ethical hacker to devote all his free time to finding a vulnerability? It’s not just money, although there has already been an example at home of someone cashing out tens of millions of forints by discovering a single vulnerability. We previously discussed the topic with Gábor Varjas, an expert at Hackrate On our HWSW Weekly podcast.
Source: www.hwsw.hu