Skip to main content

Microsoft and Google paying more than ever for bugs found in their systems

google microsoft increase payouts in bug bounty programs
Jean Marconi/Flickr
If you’re a coder or other highly technical sort who can dig into a system and find bugs, then you can turn that skill into some cash. Developers big and small, including major players like Google and Microsoft, have programs that will pay you real money for discovering flaws and vulnerabilities in their systems.

Both Google and Microsoft recently decided to up ante in their bounty programs, jacking up the amount they pay people for finding bugs. Google made the first increase, and then Microsoft literally doubled down on its own program, as FossBeta reports.

Google increased its largest award level to $31,337 for anyone identifying a remote code execution vulnerability. That’s a more than 50 percent increase from the previous cap of $20,000. Unrestricted file system or database access bugs can bring the successful bounty hunter between $10,000 and $13,337.

Google Application Security Blog
Google Application Security Blog

Google’s bounty program pays out for vulnerabilities discovered in various Google properties such as Google Search, the Chrome web store, Google play, and more. Some of the specific bugs that Google is looking for are command injections, deserialization flaws, and sandbox escapes.

Microsoft is looking for cross site-scripting, cross-site request forgery, and a variety of other flaws in its systems. The company has recently suffered some zero-day bugs identified and publicized by the Google Zero program before it could fix them, which might be part of the reason why Microsoft doubled its bug bounty from $15,000 to $30,000.

Security is big business, as is cybercrime. Hackers can make tons of money exploiting systems and then selling the private information they’re able to steal, and bug bounty programs like Google’s and Microsoft’s help even the playing field.

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
Hackers have found a way to log into your Microsoft email account
A depiction of a hacker breaking into a system via the use of code.

Account holders for Microsoft email services are being targeted in a phishing campaign, according to security researchers from Zscaler's ThreatLabz group.

The objective behind the threat actors’ efforts is believed to be the breaching of corporate accounts in order to perform business email compromise (BEC) attacks.

Read more
U.S. federal court system cyberattack is worse than previously thought
A large monitor displaying a security hacking breach warning.

A cyberattack incident that involved the U.S. federal court system infrastructure has been proven to be an “incredibly significant and sophisticated” attack.

This statement is a stark difference from the one initially provided when the situation occurred in 2020.

Read more
Microsoft Edge gets hit with the same serious security bug that plagued Chrome
The Microsoft Edge browser is open on a Surface Book 2 in tablet mode.

Microsoft just released an Edge browser update that patches a dangerous flaw that could allow a cleverly designed attack to execute arbitrary code. While every security update should be installed promptly, this one is a bit more urgent because the attack is "in the wild" already, meaning that hackers are already taking advantage of this vulnerability to breach security.

Designated CVE-2022-2294, this vulnerability was actually a flaw with the Chromium project, the open-source code that Google's Chrome browser is built upon. Microsoft uses the same base code for the Edge browser, meaning bugs that affect one often plague the other. Google patched the same bug recently and has been keeping quiet about details of the attack to allow others to make similar fixes, since Chromium is quite a popular codebase.

Read more