Since 2010, when it began paying security researchers to find flaws in its programs, Google has paid more than US$4 million to bug hunters. Now it's prepared to pay even more. T
he company announced Friday that it's expanding its Security Rewards Programs to include payments to researchers before they find bugs in Google's software. It's also broadening the reach of its Vulnerability Reward Program to include all mobile applications officially developed by Google and distributed at the Google Play and iTunes stores.
The success of Google's bug bounty programs contributed to the company's decision to launch its grant program. "[R]esearchers' efforts through these programs, combined with our own internal security work, make it increasingly difficult to find bugs," Google Security Engineer Eduardo Vela Nava explained in a company blog. "Of course, that's good news," he continued, "but it can also be discouraging when researchers invest their time and struggle to find issues."</p>