For security researchers who specialize in hunting down bugs, Google just made the profession a tad more lucrative.
Over the past five years, Google has paid out more than $4 million to roughly 200 security researchers who have discovered bugs in its software. (In total, those researchers have discovered more than 500 bugs.) For some bug-hunters, that work has opened the door to a full-fledged career: George Hotz, a 25-year-old hacker, earned the largest award ($150,000) in 2014 for discovering flaws in Google Chrome; Google later offered him an internship with Project Zero, its elite security team.
Now Google’s evolving its bug-hunting program further, with “Vulnerability Research Grants” that will pay out up-front awards to researchers “before they ever submit a bug,” in the words of a Google blog posting.
The grants are simple, at least in theory: Google will publish “different types of vulnerabilities, products and services for which we want to support research beyond our normal vulnerability rewards.” The company will issue grants immediately before researchers begin their work in those areas, supposedly with no strings attached. (The maximum grant is $3,133.70.) Researchers who accept these grants are still eligible to earn awards for any bugs they find.
All mobile applications developed by Google (and available via Google Play and iTunes) are eligible for the Vulnerability Reward Program.
For bug hunters, happy hunting just got a bit happier.