Google seems to have gone one step further to promote its bug bounty programs.
Since 2010, Google has paid top security researchers to locate bugs in its software through its Security Rewards Program, and the practice has worked so well that the company is now finding it tough to find flaws. Google has therefore made a slight change with the launch of the Vulnerability Research Grants program: it will compensate bug hunters for their efforts before they even begin their hunt. Talk about sweetening the pot.
From now on, Google will specifically ask experts to offer their services within a scope that Google will set. Each project would set Google back by anything between $500 and $3,133.70, which is to be awarded prior to the research. This is Google’s way of encouraging those who put in the time and effort but end up without a flaw.
The Vulnerability Reward Program covers any apps that Google has developed, be it on Google Play Store or iTunes. As far as the credentials of participants go, you will have to be a ‘top performing’ bug reporter or an invited expert to take part in this scheme. The features and products include Chrome Web Store, Inbox and Gmail, among others.
Google has emphasized and reemphasized that failure to locate a bug would not affect a candidate's future prospects. The company does expect participants to fill in a survey once the research is complete. Google feels that the company, as a whole, benefits from awareness of which of its products contain trickier bugs.
The company has revealed that it has paid over $4 million to researchers for this service since 2010. Last year alone, it compensated the efforts of around 200 researchers with about $1,500,000. These efforts led to the discovery of over 500 bugs in the features and products under scrutiny.
The single largest payout ($150,000) was made to George Hotz, who managed to clear the defenses of Google Chrome. The PlayStation and iPhone hacker was also offered an internship with Project Zero as a result.