July 11, 2024 at 02:20PM
Google has increased bug payouts through its Vulnerability Reward Program by up to 5x, with a maximum reward of $151,515 for a single security flaw. The new rewards apply to vulnerability reports submitted on or after July 11th. In addition, the company has expanded payment options and updated its rules on reward amounts.
Google has recently announced a significant increase in payouts for bugs found in its systems and applications through its Vulnerability Reward Program. The new maximum bounty for a single security flaw is now $151,515, which represents a fivefold increase from previous rewards. This adjustment is aimed at encouraging more bug submissions and improving overall system security.
Only vulnerability reports submitted from July 11th, 00:00 UTC onward are eligible for the new rewards. In addition to the payout increase, Google has expanded payment options by allowing researchers to receive payments through Bugcrowd.
Furthermore, the company has introduced a new VRP, kvmCTF, to enhance the security of the Kernel-based Virtual Machine (KVM) hypervisor. This program focuses on VM-reachable bugs in the KVM hypervisor and offers a substantial $250,000 bounty for full VM escape exploits.
These developments reflect Google’s ongoing commitment to rewarding and supporting the security research community. Since the launch of its Vulnerability Reward Program in 2010, Google has paid more than $50 million in bounties to security researchers for reporting over 15,000 vulnerabilities. The highest-ever VRP bounty was $605,000, paid to a security researcher in 2022 for a series of five security bugs in an Android exploit chain.