Google raises 5-fold reward for reporting bugs to $5,000

Google has paid over $2 million in rewards under its 'bug bounty programme' to users

Amid the gloom on the rupee front, here is good news for those web-addicts to make some quick bucks as search giant Google has decided to raise the reward amount it pays to those reporting bugs by five-fold, or up to $5,000.

It can be recalled that Google has already paid over $2 million in rewards under its 'bug bounty programme' to users who report vulnerabilities in its Chrome browser and operating system.

It can also be noted that Indians were the second biggest recipient by county of a similar anti-bug initiative by Facebook earlier this year.

"We've now paid out in excess of $2 million across our security reward initiatives. This includes over $1 million for the Chromium VRP/Pwnium rewards, and in excess of $1 million for the Google Web VRP rewards," Google said in a blogpost.

A bug is an error or defect in software or hardware that causes a programme to malfunction. While bugs can cause software to crash or produce unexpected results, certain defects can be used to gain unauthorised access to systems.

Recently, social networking site Facebook also said it paid over $1 million in the last two years to security researchers who report bugs on its website and India was second among recipients by country.

Microsoft has also started a bug bounty programme in June, offering up to $100,000 for reporting exploitation techniques against protections built into the latest version of its Windows operating system.

Google, in its post said, bugs previously rewarded at the $1,000 level will now be considered for reward at up to $5,000.

"We will issue higher rewards for bugs (that) we believe present a more significant threat to user safety, and when the researcher provides an accurate analysis of exploitability and severity," it added.

Since the launch of its Chromium and Google Web Vulnerability Reward Programmes three years ago, Google has rewarded and fixed over 2,000 security bug reports, it said.

Google will also continue to pay previously announced bonuses on top, like those for providing a patch or finding an issue in a critical piece of open source software.

Since the launch of the rewards programme, it has received over 1,500 qualifying vulnerability reports that span across Google's services as well as software written by companies it has acquired.

In June, Google had hiked the amount it pays for cross- site scripting vulnerabilities in Google web properties to $7,500 from $3,133.7.

It raised the reward for XSS bugs in highly sensitive services like Gmail and Google Wallet to up to $5,000, while $7,500 will be paid for pointing out significant authentication bypasses/information leaks.