Whoa! Good news for hackers and bug hunters.
Google and Microsoft have raised the bounty payouts for the security researcher, white hat hackers and bug hunters who find a vulnerability in their products.
Google has raised its high reward from $20,000 to $31,337, which is raise of 50% and a bonus of $1,337 or ‘leet’ reward. While Microsoft raised the bounty reward from $15,000 to $ 30,000.
Bug bounty program helps giants in patching vulnerability and since more bug hunters are participating in bug bounty program it becomes easy to spot sophisticated bugs like remotely exploitable vulnerability, which were hard to discover and takes more time.
The company started its Security Rewards Program in 2010 to encourage security researchers to search and report bugs.
To Qualify Top-Notch Bounty.
Bug hunter should find a flaw in Google-owned browser extensions, mobile application and web applications.
- Cross-site scripting,
- Cross-site request forgery,
- Mixed-content scripts,
- Authentication or authorization flaws,
- Server-side code execution bugs.
So researchers need to find high-severity vulnerabilities, which is harder to identify by the company.
Until now, Google offered $20,000 for remote code execution (RCE) vulnerability and $10,000 for a database access bug. But now these rewards have been increased to $31,337 and $13,337, respectively.
Vulnerabilities like XML eXternal Entity (XXE) and SQL injection can make bounty bag $13,337 if they are highly sensitive.
Microsoft has also increased its bug bounty payouts,
Big giant Microsoft has also increased its bug bounty payouts from $20,000 to $30,000 for vulnerabilities including cross-site scripting (XSS), cross-site request forgery (CSRF).
Unauthorized data tampering or access (for multi-tenant services), insecure direct object references injection, server-side code execution, and privilege escalation bugs, in its Outlook and Office services, can also bag $20,000 to $30,000 depending upon their effects.
Google has already paid over $9 Million, including $3 Million awarded last year.
Hackers and bug hunters will get the reward only after reporting vulnerability along with valid proof-of-concept.
Big giants like Google, Microsoft and other companies working hard to discover and patch bug to secure their customer and to avoid hacking attempts.
For more details about Google Bug Bounty Program Reward, Click here.
So, what are you waiting for? Go find some top-notch bug if you are a bug hunter. Share your thoughts in comment section below.