Google has come up with a new reward program for security researchers interested in finding bugs in its high-profile applications and services. The program will offer up-front grants of up to $3,133.70 to selected security researchers, who will receive the money regardless of whether they find a bug or not.
Since 2010, Google has been rewarding researchers for finding and fixing bugs in its products and services through its security reward programs. But the new initiative by Google will pay the selected researchers even before the research begins. It has been designed to keep the researchers focused on the company’s products in spite of the growing difficulties that researchers face while finding vulnerabilities, including financial barriers.
Explaining the point, Google’s security engineer, Eduardo Vela Nava, said, “It can…be discouraging when researchers invest their time and struggle to find issues. These are up-front awards that we will provide to researchers before they ever submit a bug.”
Under the new reward program, Google will specify the particular types of vulnerabilities, products and services that the selected researchers will be asked to support with security research. To participate in the program, interested candidates can apply for a grant to look into those areas.
Here’s how the newly designed reward program is expected to work:
- Google will publish the different types of vulnerabilities, products and services for which research will be supported. This research is meant to go beyond the company’s normal vulnerability rewards.
- Google will provide grants just before the research begins, with no other hidden conditions. The researchers can then begin the research they applied for.
- The grants come in various tiers, ranging from $500 to $3,133.70.
- Apart from the grants for specified research, security researchers will also be eligible for regular awards for the bugs they identify.
- The program is open only to candidates who have a proven track record in the company’s existing reward program, as well as invited research specialists.
The latest Vulnerability Reward Program also covers research on all mobile applications that are officially developed by Google and are available on Google Play and iTunes.
Notably, in 2014, Google paid more than $1,500,000 in rewards to more than 200 researchers for finding bugs and providing timely fixes for them.
Bug-hunting has turned into a competitive and lucrative field. It is more like a shielding weapon, which big brands use to find persistent bugs. They then work on fixes for these bugs so that the bugs can be tackled before they are disclosed publicly. Other big brands offering bug bounty programs include Microsoft, Mozilla and Facebook.