It can be recalled that Google has already paid over USD 2 million in rewards under its 'bug bounty programme' to users who report vulnerabilities in its Chrome browser and operating system. It can also be noted that Indians were the second biggest recipient by county of a similar anti-bug initiative by Facebook earlier this year. (Agencies)
"We've now paid out in excess of USD 2 million across our security reward initiatives. This includes over USD1 million for the Chromium VRP/Pwnium rewards, and in excess of USD 1 million for the Google Web VRP rewards," Google said in a blogpost.
A bug is an error or defect in software or hardware that causes a programme to malfunction. While bugs can cause software to crash or produce unexpected results, certain defects can be used to gain unauthorized access to systems.
Recently, social networking site Facebook also said it paid over USD 1 million in the last two years to security researchers who report bugs on its website and India was second among recipients by country.
Microsoft has also started a bug bounty programme in June, offering up to USD 100,000 for reporting exploitation techniques against protections built into the latest version of its Windows operating system.
Google, in its post said, bugs previously rewarded at the USD 1,000 level will now be considered for reward at up to USD 5,000. "We will issue higher rewards for bugs (that) we believe present a more significant threat to user safety, and when the researcher provides an accurate analysis of exploitability and severity," it added.
Since the launch of its Chromium and Google Web Vulnerability Reward Programmes three years ago, Google has rewarded and fixed over 2,000 security bug reports, it said.
Google will also continue to pay previously announced bonuses on top, like those for providing a patch or finding an issue in a critical piece of open source software. Since the launch of the rewards programme, it has received over 1,500 qualifying vulnerability reports that span across Google's services as well as software written by companies it has acquired.
In June, Google had hiked the amount it pays for cross- site scripting vulnerabilities in Google web properties to USD 7,500 from USD 3,133.7. It raised the reward for XSS bugs in highly sensitive services like Gmail and Google Wallet to up to USD 5,000, while USD 7,500 will be paid for pointing out significant authentication bypasses/information leaks.
It can be recalled that Google has already paid over USD 2 million in rewards under its 'bug bounty programme' to users who report vulnerabilities in its Chrome browser and operating system. It can also be noted that Indians were the second biggest recipient by county of a similar anti-bug initiative by Facebook earlier this year.