It is a well-known notion that the higher the prize money, the greater the effort to win it. The same goes for bug bounty programs. These are specially designed programs that allow white hat hackers and upcoming or novice security researchers to identify prevalent vulnerabilities in a company's latest hardware/software products.
A majority of tech firms offer these programs to get information about critical security flaws that might affect their products and the company's reputation. Google is one such firm that is dedicated to providing the best possible experience to its customers. Therefore, the company is always introducing bug bounty schemes to ensure that its products are free from security vulnerabilities.
In line with its ongoing efforts to make its products safe and secure for users, Google has increased rewards for some vulnerabilities. On 2nd March, in an official blog post, Google announced that it is going to increase the reward for remote code execution on its servers to $31,337. Previously the tech giant offered $20,000 for identification of this issue. Additionally, it has increased the reward for unrestricted file system or database access to $13,337 from $10,000.
The reason for this sudden and substantial hike in rewards is that these vulnerabilities are quite difficult to identify, and therefore the company wants security researchers to focus more on them.
“High severity vulnerabilities have become harder to identify over the years, researchers have needed more time to find them. We want to demonstrate our appreciation for the significant time researchers dedicate to our program, and so we’re making some changes to our VRP,” Google’s post stated.
In this context, Google has noted in its post that tech firms around the world are now facilitating security researchers, and statistics suggest that during 2016 China paid three times more to its security researchers than in 2015, while France increased the amount by 44% and Germany offered a 27% increase.
On the other hand, Microsoft is also offering USD 30,000 to hackers for its limited-time bug bounty program, so if you have the skills, it is time to make some big bucks.