If you are a hacker or a bug bounty hunters, then there is good news for you. Tech giants Google and Microsoft has just raised their value of payouts they offer bug hunters.
Well, we all know that Bug bounty programs are becoming more and more popular among all tech companies. Just now we have seen Apple launched its Bug Bounty programs. Let me tell you about Bug Bounty Programmes; it’s a program in which company pays large sums for security flaws which are discovered by Bug hunters and white hat hackers.
Recently, Microsoft doubled its top reward from $15,000 to $30,000 because over the last few weeks Google released information about security vulnerabilities in Microsoft’s latest operating system Windows 10 before it was patched.
Google, on the other hand, has raised its highest reward to find a remote code execution vulnerability from $20,000 to $31,337 which is a 50% rise. Moreover, Google has a bonus price of $1,337 or “leet” award. That means researchers can earn up to $31,337 if they manage to find a remote code execution vulnerability.
Google has also raised the price for an unrestricted file system or database access bugs to $13,337 from $10,000. So, if you are a bug hunter then you need to find command injections, deserialization flaws and sandbox escapes on sensitive apps like Google search, Chrome web store, Accounts, Wallet, Inbox, Code Hosting, App Engine, Chromium Bug Tracker and Google Play to notch the reward of $31,337 from Google.
Well, Microsoft has also doubled its bug bounty payouts from $15,000 to $30,000 for finding vulnerabilities which includes- Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Unauthorized cross-tenant data tampering or access (for multi-tenant services), Insecure direct object references, Injection Vulnerabilities, Authentication Vulnerabilities, Server-side Code Execution, Privilege Escalation, Significant Security Misconfiguration (when not caused by user) in its outlook and office services.
It’s good to know that both the tech giant- Microsoft and Google are trying their best to eliminate the existing vulnerabilities in their services just to avoid any hacking attempts and make them more secure.