Internet and mobile giant Google has been offering bug bounties to all developers, research firms, and individuals for submitting crucial unknown bugs and making the firm aware of their existence as part of its Vulnerability Rewards Program (VRP). Now, upping the ante, Google has announced that it is willing to offer more compensation to bug reporters moving forward.
Google announced that it is increasing the reward for remote code execution on Google servers from $20,000 to $31,337. Furthermore, the 'Unrestricted file system or database access' reward has increased from $10,000 to $13,337. The numbers appear to be homage to 1337, the alternative Internet alphabet also known as 'leet'
As critical vulnerabilities are becoming harder to identify, Google looks to reward outside help appropriately for aiding in keeping its properties pest-free. "Because high severity vulnerabilities have become harder to identify over the years, researchers have needed more time to find them. We want to demonstrate our appreciation for the significant time researchers dedicate to our program, and so we're making some changes to our VRP," Google wrote on its blog.
Google also highlighted some stats on which countries contributed most, and gained the most amount of rewards. From India in 2016, Google received approximately 40 percent more reports from researchers as compared to 2015 and gave out 30 percent more rewards which almost tripled the total, and doubled the average payout (both per researcher and per reward).
China took the top spot with a significant 3x increase over 2015. Germany and France also had a significant increase in submission of reports - 27 percent and 44 percent respectively. France was a part of the top five countries for the first time last year.