Both Google and Microsoft recently decided to up ante in their bounty programs, jacking up the amount they pay people for finding bugs. Google made the first increase, and then Microsoft literally doubled down on its own program, as FossBeta reports.
Google increased its largest award level to $31,337 for anyone identifying a remote code execution vulnerability. That’s a more than 50 percent increase from the previous cap of $20,000. Unrestricted file system or database access bugs can bring the successful bounty hunter between $10,000 and $13,337.
Google’s bounty program pays out for vulnerabilities discovered in various Google properties such as Google Search, the Chrome web store, Google play, and more. Some of the specific bugs that Google is looking for are command injections, deserialization flaws, and sandbox escapes.
Microsoft is looking for cross site-scripting, cross-site request forgery, and a variety of other flaws in its systems. The company has recently suffered some zero-day bugs identified and publicized by the Google Zero program before it could fix them, which might be part of the reason why Microsoft doubled its bug bounty from $15,000 to $30,000.
Security is big business, as is cybercrime. Hackers can make tons of money exploiting systems and then selling the private information they’re able to steal, and bug bounty programs like Google’s and Microsoft’s help even the playing field.
