
Microsoft and Google paying more than ever for bugs found in their systems

If you’re a coder or other highly technical sort who can dig into a system and find bugs, then you can turn that skill into some cash. Developers big and small, including major players like Google and Microsoft, have programs that will pay you real money for discovering flaws and vulnerabilities in their systems.

Both Google and Microsoft recently decided to up the ante in their bounty programs, jacking up the amount they pay people for finding bugs. Google made the first increase, and then Microsoft literally doubled down on its own program, as FossBeta reports.

Google increased its largest award level to $31,337 for anyone identifying a remote code execution vulnerability. That’s a more than 50 percent increase from the previous cap of $20,000. Unrestricted file system or database access bugs can bring the successful bounty hunter between $10,000 and $13,337.

Google Application Security Blog

Google’s bounty program pays out for vulnerabilities discovered in various Google properties such as Google Search, the Chrome Web Store, Google Play, and more. Some of the specific bugs that Google is looking for are command injections, deserialization flaws, and sandbox escapes.

Microsoft is looking for cross-site scripting, cross-site request forgery, and a variety of other flaws in its systems. The company has recently suffered some zero-day bugs identified and publicized by the Google Zero program before it could fix them, which might be part of the reason why Microsoft doubled its bug bounty from $15,000 to $30,000.

Security is big business, as is cybercrime. Hackers can make tons of money exploiting systems and then selling the private information they’re able to steal, and bug bounty programs like Google’s and Microsoft’s help even the playing field.
