Google, Microsoft Reward Researchers Up To $30,000 With ‘Bug Bounty’ Program

by Laurie Sullivan @lauriesullivan, March 6, 2017

Google and Microsoft have increased the payouts for their bug bounty programs in an effort to protect users and reward researchers for finding Web and code vulnerabilities.

At Google, finding a remote code execution bug will earn a reward of $31,337, up from $20,000. Unrestricted file system or database access could earn someone $13,337, up from $10,000, and figuring out logic flaw bug leaks or bypassing significant security controls will bring about $10,000. Google will also pay between $500 and $7,500 for clickjacking.

Google’s increases are permanent, but Microsoft’s are only for a period of about two months, for a few services. This means that Microsoft will pay out $30,000 — up from $15,000 — until May 1.

Vulnerabilities eligible for double payments range from cross-site scripting to injection vulnerabilities and authentication. The properties that Microsoft will pay bonus bounties for include core Web applications in the Office 365 suite such as email, calendars, and contacts.

Google has revealed several Microsoft bugs in the past couple of years. The most recently revealed security flaw affects Microsoft's Edge and Internet Explorer browsers. It was initially reported to Microsoft on November 25, 2016, according to reports. Microsoft was offered 90 days to patch the hole, which is standard, before Google made it public. Microsoft cancelled this month’s Patch Tuesday, missing its deadline, so Google announced it to the world.

Google’s Project Zero research team shows how an attacker can destroy a perfectly good day.

MediaPost.com: Search Marketing Daily
