Microsoft and Google Have Increased Their Bug Bounties
Computing companies Google and Microsoft have both embraced the positivity of 2017 by increasing the amount of money they pay out on their bug bounties.
Google is giving security crackers the best holiday money opportunities and has increased its top whack payout for a Remote Code Execution in the vulnerability reward program from $20,000 to a much more internetty $31,337.
The increase also applies to file system and database access, where bug hunters can expect payments to increase from $10,000 to $13,337.
"Since the launch of our program in 2010, Google has offered a range of rewards: from $100 USD for low severity issues, up to $20,000 USD for critical vulnerabilities in our web properties (see Android and Chrome rewards)," said Josh Armour, security program manager.
"But, because high severity vulnerabilities have become harder to identify over the years, researchers have needed more time to find them. We want to demonstrate our appreciation for the significant time researchers dedicate to our program, and so we`re making some changes to our VRP."
Microsoft, which in case you missed it has a big problem with vulnerabilities, has also increased its bounties, but not by quite as much as Google has. Microsoft`s bounties apply to its online services, which is handy if you use things like Office 365, and very nice if you have found a vulnerability in them.
"In September 2014 we launched the first phase of the Microsoft Online Services Bug Bounty program, and expanded the program in April 2015 and the August 2015 to include various Azure and additional Office 365 properties," said the announcement from the Redmond software factory.
"Qualified submissions are eligible for a minimum payment of $500 USD up to a maximum of $15,000 USD. Bounties will be paid out at Microsoft's discretion based on the impact of the vulnerability.
"From March 1, 2017 to May 1, 2017, any eligible vulnerability submitted for Microsoft Office 365 Portal and Microsoft Exchange Online will be eligible for double rewards. Hence, any qualified vulnerability found in the domains below will receive up to $30,000 USD if it's submitted between March 1 and May 1, 2017."