LONDON: Google awarded a lot of money these days as a high tech “bounty hunter” who locates hard-to-find software bugs and turns them into the vendors.
Just this week, a team of security researchers in Poland got a hefty $50,000 prize from Google for uncovering some holes in Google’s App Engine cloud, Google confirmed.
The researchers say this is the largest prize Google has ever awarded through its “Vulnerability Reward Program,” more commonly known as a “bug bounty” program.
That’s when hackers report the software holes they find to the makers of the software in exchange for prize money. They do this instead of using them or selling them on the black market for nefarious reasons.
This isn’t the biggest award Google has ever given out. Hacking contests often pay even bigger rewards. For instance, Google set aside $2.71828 million in prizes for its fourth annual Pwnium, a contest where hackers all try to hack Chrome. (The amount was a geek joke. That number is known as “the mathematical constant e,” an important concept to understand when writing algorithms.)
Google was prepared to pay $150,000, a nice year’s salary, for a hack delivered by a web page that let the hacker control a Chrome OS PC even after it reboots.
And Google confirmed that it did give out one $150,000 prize to a hacker who did such a thing on an HP Chromebook 11.
Google isn’t alone. Microsoft has given out $300,000 to date, including two $100,000 prizes in 2013, and a bunch of undisclosed prize amounts in 2014.
Meanwhile Bugcrowd, a startup that helps hackers find bug bounties (and earn prize money), list dozens of bounty programs that will pay $1,000-$5,000 per really bad bug.
All this to say that even though it looked like the bad guy hackers (known as “black hats”) were winning in 2014, the white hats still have some tricks of their own.
