Google and Microsoft bump-up bug bounty bunce

Google ups bug-bounty payments ceiling by one-third, while Microsoft offers a max of $15,000

Computer giants Google and Microsoft have bumped up the pay-outs in their respective bug bounty programmes.

Google has increased its top payout for a juicy remote-code execution in the vulnerability reward program from $20,000 to $31,337.

The increase also applies to file system and database access, where bug hunters can expect payments to increase from $10,000 to $13,337.

"Since the launch of our program in 2010, Google has offered a range of rewards: from $100 for low severity issues, up to $20,000 for critical vulnerabilities in our web properties (see Android and Chrome rewards)," said Josh Armour, security program manager.

He continued: "But, because high severity vulnerabilities have become harder to identify over the years, researchers have needed more time to find them. We want to demonstrate our appreciation for the significant time researchers dedicate to our program, and so we're making some changes to our Vulnerability Reward Program (VRP)."

Microsoft's increases are not quite as generous, but are still not to be sniffed at. It's top payout has been increased to $15,000.

"In September 2014 we launched the first phase of the Microsoft Online Services Bug Bounty program, and expanded the program in April 2015 and the August 2015 to include various Azure and additional Office 365 properties," said the announcement from the Redmond software factory.

"Qualified submissions are eligible for a minimum payment of $500 up to a maximum of $15,000. Bounties will be paid out at Microsoft's discretion based on the impact of the vulnerability.

"From March 1, 2017 to May 1, 2017, any eligible vulnerability submitted for Microsoft Office 365 Portal and Microsoft Exchange Online will be eligible for double rewards. Hence, any qualified vulnerability found in the domains below will receive up to $30,000 USD if it's submitted between March 1 and May 1, 2017."