Earlier this year Google increased its bug bounty drastically, offering an award of up to $20,000 in comparison to its previous top reward of $3,133.70.
Now, the company is giving even more incentives to crafty bug catchers out there.
On Tuesday, Chrome software engineer Chris Evans (not to be confused with Captain America) stated in the Chromium Blog, "Recently, we've seen a significant drop-off in externally reported Chromium security issues. This signals to us that bugs are becoming harder to find."
According to the engineer, Google will be awarding researchers additional bonuses starting from $1,000 and increasing based on the severity of the bugs. The bonuses will be added to the current base payments, which range anywhere from $500 to $3,133 for "particularly exploitable" bugs found in Chrome's code and for vulnerabilities that affect additional browsers.
The bug bounty program changes were immediately put into effect, but the company graciously gave $1,000 and $3,000 bonuses to recent bug reporters who were eligible under the new program. In addition to the bonuses for bug reporting, Google also hopes to increase activity in the Chromium community by offering additional bonuses of $500 to $1000 to any bug catcher who joins the community and provides a peer-reviewed patch.
