Google joined Microsoft this week in announcing an increase in two vulnerability categories in its Google Vulnerability Rewards Program.
Starting on March 6 the bug bounty for confirmed remote code execution flaws will jump to $31,337, from $20,000 and for those bounty hunters who find a confirmed Unrestricted file system or database access the price is now $13,337, up from $10,000.
“Because high severity vulnerabilities have become harder to identify over the years, researchers have needed more time to find them. We want to demonstrate our appreciation for the significant time researchers dedicate to our program, and so we’re making some changes to our VRP,” Josh Armour, security program manager, wrote in Google’s security blog.
Google also reported that the number of valid reports coming from researchers in China, United States and India all increased in 2016. Thenumber China-based hunters who received payment more than tripled the number of bugs submitted to Google, while India and the United States each boosted its output by about 40 percent.
Researchers in France and Germany also greatly increased their output with France’s 44 percent increase making helped break that nation into the top five on Google’s list of researchers reporting valid bugs.