CNET también está disponible en español.

Ir a español

Don't show this again


Google beefs up the cash bounty for reporting vulnerabilities

The bounty for cross-site scripting bugs on Google Accounts, for instance, more than doubles to $7,500. The cash rewards tied to Gmail and Google Wallet get hefty bumps, too.

Noting the contribution made by those who try to hack its security, Google has once again increased the cash rewards it pays out for identifying vulnerabilities in its services.

The Internet giant, which began swapping security research for cash a couple of years ago, announced the higher payouts and new rules for the program Thursday on the company's Online Security Blog.

The bounty for cross-site scripting bugs on Google Accounts more than doubled from $3,133.70 to $7,500. The reward for reporting cross-site scripting bugs in other sensitive areas such as Gmail and Google Wallet more than tripled to $5,000 from the previous $1,337. The top payout for significant authentication bypasses and information leaks was bumped up to $7,500 from $5,000.

"Our vulnerability reward programs have been very successful in helping us fix more bugs and better protect our users, while also strengthening our relationships with security researchers," Google's security team wrote in the post.

The Vulnerability Reward Program was launched in 2010 to recruit external researchers to find system bugs and flaws. Since then, Google has received more than "1,500 qualifying vulnerability reports that span across the hundreds of Google-developed services," according to the blog post. The team said Google has paid out $828,000 to more than 250 people.