Difficulty in Finding Security Flaws – Reason Behind Google’s Increasing Bounty

Difficulty in Finding Security Flaws - Reason Behind Google's Increasing Bounty

It is an increasingly common occurence to hear news about Google awarding huge sums to developers, hackers or testers for findng bugs. Ever wondered why? Well, the reason is simple. Google has increased its rewards for remote code execution bugs for Google, YouTube and Blogger domains.
The increase of amount is from $20,000 to $31,000, including a bonus of $1,337 or else called 'leet reward'.

This is because it has become more difficult to identify high profile vulnerabilities over the years and researchers are taking more time to find them.

Read Also

Indian Techie Finds Bug Giving Free Rides In Uber
 

In 2016, security researchers were paid $3 million by Google through bug bounty program, along with Chrome and Android bug-finding programs.

According to Google, China took the lead in 2016, who was in fourth place in 2015. US scored after China,followed by India, Germany, France, UK, Israel, Russia, Poland, and Canada.
Researchers from china got $675,000 last year, Russia was in second place earning $351,000. Being in third place. hackers from India got paid $84,000.

Josh Armour, security program manager at Google noted that the distribution of payments had only increased the performance of researchers, and this time 30% of rewards was achieved by 40% of Indian researchers.

So, how was the $3 million spent? Well, $800,000 of the amount was spent on bugs valued from $1,338 and $3,133.7, while a bracket total of $7oo,oo were spent on bugs valued between $5,001 to $7,500. Also, around $400,000 were spent on bugs valued at more than $20,000

Source