Google Multiplies Low-Tier Bug Bounties By Factor of Five

Trailrunner7 writes "Google's bug bounty program has been one of the more successful reward systems of its kind, and the company has regularly modified and expanded the program over the years to keep pace with what's going on in the industry. Google also has increased the rewards it offers for certain kinds of vulnerabilities several times, and the company is doing it again, raising the lower reward level from $1,000 to $5,000. This is the second major reward increase in the last couple of months. In June the company jacked up the amount of money it pays for cross-site scripting vulnerabilities in Google web properties to $7,500, and also raised the reward for authentication bypasses to that same level. Now, Google is giving researchers more incentive to find significant vulnerabilities in its Chrome browser."

messing with Microsoft

[Anonymous Coward]

(posting anon because of my employMent Situation)

In many ways this is about control of the vuln market space rather than the value of the vulns. Microsoft is very slow to catch up, and the recent bug bounty required a herculean political effort internally and took months for approvals. Even so, the bounty amounts were focus-grouped to miniscule levels , meaning that Google pays more for Microsoft vulns than Microsoft does. Far more. I don't know whether or not Google dribbles them out slowly or not, after their own product patches or not, or other competitive move or not. But it ain't good, and Google's d!ck-waggling move shows how agile they are ,more than anything else.