The notion of Big Tech paying developers to find holes in their systems and software is starting to gain real traction.
Word out of Google’s headquarters is that the company is amping up its bug bounty program -- the Google Play Security Reward Program (GPSRP). The company hopes to improve the security of apps available on its Google Play store, possibly in response to the recent news that one app spread malware to more than 100 million phones.
“We’re constantly looking for ways to further improve the security and privacy of our products, and the ecosystems they support,” noted Google in a blog post.
“At Google, we understand the strength of open platforms and ecosystems, and that the best ideas don’t always come from within. It is for this reason that we offer a broad range of vulnerability reward programs, encouraging the community to help us improve security for everyone.”
It takes a village
If Google can get independent, white hat security researchers to help it find vulnerabilities before their black hat adversaries do, it’s a win-win-win for Google, the researcher, and the consumer.
On the consumer front, the GPSRP refresh includes bounties for finding vulnerabilities relating to phishing, email, devices (e.g. an Android phone), and classified user data -- all pain points for the everyday tech user.
Google’s bounty enhancement could mean quite a field day for white hat researchers. “The tempting inclusion of all apps with 100 million (or more) downloads will make Google’s Play Store bug bounty program even more attractive for the researcher community,” commented technology blogger Abeerah Hashim.
To Hashim’s point, ConsumerAffairs found one researcher who’s scored more than $75,000 in the last 90 days alone for finding Google-related flaws.
Big Tech’s reward system for finding system and application flaws is becoming almost lottery-like. Tesla gave a pair of hackers a Tesla 3 after they found a vulnerability in the vehicle’s infotainment system. Apple, Facebook, and Hewlett-Packard are also in on the hack-and-win idea, awarding as much as $1.5 million.