Google has announced a fivefold increase in payouts for bugs found in its systems and applications reported through its Vulnerability Reward Program, with a new maximum bounty of $151,515 for a single security flaw.
“As our systems have become more secure over time, we know it is taking much longer to find bugs – with that in mind, we are very excited to announce that we are updating our reward amounts by up to 5x,” Google said.
The updated Reward Amounts section of the Google VRP rules provides more information on Google’s changes to the reward amounts and new payout structure.
Nest.com = $3,750 $500. Last week, Google launched kvmCTF, a new VRP announced in October 2023 to improve the security of the Kernel-based Virtual Machine hypervisor.
Since its Vulnerability Reward Program was launched in 2010, Google has paid more than $50 million in bounties to security researchers who reported more than 15,000 vulnerabilities.
Last year alone, Google paid $10 million, with the highest reward being paid to a bounty hunter who collected $113,337.
