reward

As many of you know, the Chrome Vulnerability Incentive Program rewards everyone for directly discovering and reporting browser security issues.

Google recently announced on its security blog that it is now routinely increasing the amount from the “Chrome Vulnerability reward Program” where the reward for high-quality reports has been increased to $30,000 and the compromise detection bonus on Chrome OS has been overvalued by $150,000.

Google says highlights of the increase in bug bounties include tripling the maximum reward for the so-called “baseline” report with very little granularity from $5,000 to $15,000.

The maximum payoff for a so-called “high-quality” report with lots of information explaining, for example, how hackers can exploit a bug, what its source is, or how it can be fixed, is also doubled. According to an article on the Chrome Security Blog, $15,000 to $30,000.

A large amount is still associated with the discovery of vulnerabilities in Chrome OS, the Google Software Platform for Chromebook or Chromebox.

At this level, Google has also increased the reward to $150,000 for researchers who discover attacks that could compromise a Chromebook or Chromebox. According to the blog post, security bugs found in the firmware and/or allowing attackers to bypass the Chrome OS lock screen are also paying off.

Google has been creating its bug reward program since 2010. To date, Google has received over 8,500 bug reports and paid researchers $2014 million. The first change to the premium base was made in September XNUMX, four years after the launch of the program.

At the time, Google Chrome’s bug-finding program paid over $1.25 million to security researchers who found over 700 bugs in their browser, but Google found it wasn’t enough. Five years later, the number of reports has increased from 700 to 8.500 and Google has decided to triple the rewards.

In addition to the increases mentioned above, Go ogle has also increased the rewards for fuzzy testing (or random testing), a software testing technique that bug hunters also use to inject random data into inputs.

Software product for finding problem records. According to the blog post, “The additional bonus for bugs found by fuzzers using the Chrome Fuzzer program has also doubled to $1,000.”

The increase also affected the amounts paid to researchers under the Google Play Security Rewards program.

In fact, the reward for remote code execution errors has gone up from $5,000 to $20,000, for stealing private, unprotected data from $3,000 to $1,000, and for accessing secure application components from $3,000 to $1,000.

Also, if you “responsibly” report vulnerabilities to participating app developers, you’ll get a bonus, according to Google.

Below is the new extended list and the old error bonus table. The reward for security mistakes made is typically between $500 and $150,000.

And the fact is that this movement is aimed primarily at getting reports into their hands, since not only do tech companies reward bug hunters, but governments and criminals also pay for vulnerabilities that they can exploit in activities such as espionage and identity theft.

In a blog post , Google also clarified what it considers a high-quality report and updated error categories to make it easier for researchers.

“We’ve also clarified what we consider a high-quality report to help journalists earn the highest possible rewards, and updated the bug categories to better reflect the types of bugs that are being reported and that we’re more interested in,” he said. the company said.

Google says this increase for Chrome bug hunters will apply to content submitted after a blog post. You can find more information on magnification here.

Also Read – How America’s Richest People Avoid Paying Taxes
Also Read – Insurance Companies Near Me For Health, Life And Auto Insurance
Also Read – How to Make an Appointment with the IRS and What to Do Before It

2 thoughts on “Google extends reward for finding bugs in Linux”

Leave a Reply

%d bloggers like this: