New from Google is a program through which you can earn up to $30,000 in case you find security flaws in their applications.
Yes, Google wants to pay you up to 30,000 euros. Of course, it will not give you this figure for doing nothing. What those of Mountain View want is for you to be their eyes when it comes to finding security flaws within their applications. It may seem like an easy task, but we anticipate that, unfortunately, it is not at all.
Google has a program called “Vulnerability Reward Program” active. and who arrives to offer different figures for finding security problems. The most interesting thing about all this is the fact that any user can access this program, offering the possibility that anyone can earn this money.
Logically, what Google gains is the possibility of correcting security flaws in its applications before they pose a real inconvenience for the company. The 30,000 euros are small change for those of Mountain View, while facing a lawsuit or a sanction for security problems would be a more worrying situation.
Of course, the amount of money you can get will depend on the type of problem you identify. The severity of the security flaws will mark what Google will be able to pay you, the maximum being $30,000. To get the maximum amount you will have to find a category 1 security flaw or “Arbitrary Code Execution” within “Remote/No User Interaction”.
Finding security flaws in Google apps can earn you up to $30,000
When downgrading the prices will be lower, in fact, in category 2 the maximum that can be obtained with an error identical to the previous one is 25,000 dollars. The figure is still surprising, but it is lower than before. In fact, the minimum in category 2 is $625, while the minimum in category 1 is $750.
Google has enabled a Web page in which you can easily see how to access these rewards and, above all, all the information on how to report security flaws that have been found. And, is that, Google will have to verify that the bug exists in order to be able to pay for having found it.
It is clear that it is an interesting way to get more advanced users to work with a clear goal: find security flaws to get a suggestive amount of money. It may not be available to all users since to find errors it is convenient to have programming knowledge in the Android environment.
