Google beefs up the cash bounty for reporting vulnerabilities

The bounty for cross-site scripting bugs on Google Accounts, for instance, more than doubles to $7,500. The cash rewards tied to Gmail and Google Wallet get hefty bumps, too.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil

Noting the contribution made by those who try to hack its security, Google has once again increased the cash rewards it pays out for identifying vulnerabilities in its services.

The Internet giant, which began swapping security research for cash a couple of years ago, announced the higher payouts and new rules for the program Thursday on the company's Online Security Blog.

The bounty for cross-site scripting bugs on Google Accounts more than doubled from $3,133.70 to $7,500. The reward for reporting cross-site scripting bugs in other sensitive areas such as Gmail and Google Wallet more than tripled to $5,000 from the previous $1,337. The top payout for significant authentication bypasses and information leaks was bumped up to $7,500 from $5,000.

"Our vulnerability reward programs have been very successful in helping us fix more bugs and better protect our users, while also strengthening our relationships with security researchers," Google's security team wrote in the post.

The Vulnerability Reward Program was launched in 2010 to recruit external researchers to find system bugs and flaws. Since then, Google has received more than "1,500 qualifying vulnerability reports that span across the hundreds of Google-developed services," according to the blog post. The team said Google has paid out $828,000 to more than 250 people.