Search engine giant Google (News - Alert) announced yesterday that it will begin offering a bounty of $20,000 for software bugs found in any Google product or online service that could be used as exploits by hackers. This bounty system has actually been in place since November of 2010 but Google has increased the bounty amount from the $3,133.70 set at the program's inception.
Google security team manager Adam Mein says of the program that, “When we get more bug reports, we get more bug fixes.” Adding, “That is good for our users; that is good for us.” Indeed, with Google's massive influence on the tech world of today, not to mention the amount of private user data gathered and stored, it is good to see that Google is concerned with safety.
However, the program does not include Google's client applications — Android (News - Alert), Picasa, Google Desktop, Chrome OS — but an expansion of the program to include these pieces of software is not out of the question, according to Google's online security blog. As such, only Google's online services — google.com, youtube.com, blogger.com, etc. — are subject to the Vulnerability Reward Program, as well as Google's Chromium web browser.
To date, Google has paid out about $460,000 since the Vulnerability Reward Program was first established less than two years ago. This translates to about 11,000 software flaws reported to Google with more than 780 being eligible for rewards starting at $300 to the previous maximum.
The maximum was raised in order to offer greater incentive to hackers and “software savants,” in the hopes that more difficult-to-find bugs will be brought to light. “We want them to know the reward is there for them if they find the most severe bugs,” Mein said.
Greater rewards will be given for bugs found in more sensitive services like Google's Wallet software which stores users' payment information for faster online purchasing.
Edited by Jennifer Russell