Google Expands Bug Bounty Programs to Reward Security Researchers More Generously
Since 2010, Google has paid over $4 million to security researchers for identifying vulnerabilities in its software. Now, the company is ready to invest even more in making its programs secure.
On Friday, Google announced an expansion of its Security Rewards Programs. The update allows researchers to receive payments even before they find bugs in its software. The company is also broadening the Vulnerability Reward Program (VRP). It now includes all mobile applications officially developed by Google and available on the Google Play Store and Apple iTunes Store.
The success of Google’s bug bounty programs led to the launch of a new grant initiative. Google Security Engineer Eduardo Vela Nava explained that external researchers and the internal security team have worked together. Their collaboration has made it increasingly difficult to discover vulnerabilities.
“Of course, that’s good news,” Vela Nava noted in a company blog post, “but it can also be discouraging for researchers when they invest their time and struggle to find issues.”
Google’s new approach actively incentivizes and rewards researchers for their efforts, even when their discoveries are minimal. This strategy fosters a stronger partnership with the security community.