Google vulnerability reward programs: updated rules and significant reward increases



Launched in 2010, this program has been a great success for Google in terms of security impact, bugs fixed and company reputation.

“Since introducing our reward program for web properties in November 2010, we’ve received over 1,500 qualifying vulnerability reports that span across Google’s services, as well as software written by companies we have acquired. We’ve paid $828,000 to more than 250 individuals,” reported Adam Mein and Michal Zalewski, Security Team.

To maintain this dynamic, Google is now rolling out updated rules and significant reward increases for another group of bug categories:
  • Cross-site scripting (XSS) bugs on https://accounts.google.com now receive a reward of $7,500 (previously $3,133.7). Rewards for XSS bugs in other highly sensitive services such as Gmail and Google Wallet have been bumped up to $5,000 (previously $1,337), with normal Google properties increasing to $3,133.70 (previously $500).
  • The top reward for significant authentication bypasses / information leaks is now $7,500 (previously $5,000).
