Google offers security flaw hunters $3,000 bounty


Google has launched a new security rewards programme, designed to help the search giant find more vulnerabilities and fix them more efficiently.

The Vulnerability Research Grants scheme will reward security researchers with enhanced bounties should they uncover a bug - before they even submit it to Google. The rewards will also apply to bugs uncovered in mobile apps developed by Google and available for distribution on Google Play and iTunes.

Google said that, with both its own security team and those outside of the organisation searching for bugs, it can be difficult to find new vulnerabilities, which is why it has increased the level of rewards on offer.

Google security engineer Eduardo Vela Nava said on the company's blog: "We'll publish different types of vulnerabilities, products and services for which we want to support research beyond our normal vulnerability rewards.

"We'll award grants immediately before research begins, with no strings attached. Researchers then pursue the research they applied for, as usual. There will be various tiers of grants, with a maximum of $3,133.70."

The minimum level of reward will be $500 in the newly launched services and features category, while for sensitive product security research and security improvement efficacy research, prizes will start at $1,337.

In September last year, Google increased the bug bounty for flaws found within Chrome to $15,000. Tim Willis, hacker philanthropist on the Chrome Security Team, said at the time: "We'll pay at the higher end of the range when researchers can provide an exploit to demonstrate a specific attack path against our users.

"Researchers now have an option to submit the vulnerability first and follow up with an exploit later. We believe that this is a win-win situation for security and researchers: we get to patch bugs earlier and our contributors get to lay claim to the bugs sooner, lowering the chances of submitting a duplicate report."

Clare Hopping
Freelance writer
