As Google is running Bug Bounty Program from 2010, and till today Google have rewarded many researcher with the monetary reward, Hall-of-Fame, and some swags also. So here now Search giant is increasing the value of its bounty program reward.
From now onward's Google will be paying up to $40,000 to whoever will be able to point out bugs in the Android system. This move is part of the new Android Security Rewards program.
The new security rewards program only covers vulnerabilities found in the latest Android versions for Nexus phones and tablets currently available for sale in the Google Store in the United States.
This means that only security holes identified in Nexus 6 and Nexus 9 are eligible for a reward. Bugs in other popular devices or custom ROMs built for Nexus will not qualify. Vulnerabilities in Nexus Player, Android Wear, or Project Tango don’t qualify either, Google said.
The search giant is mainly looking for flaws in Android Open Source Project (AOSP) code, original equipment manufacturer (OEM) libraries and drivers, the kernel, and TrustZone OS and modules. Vulnerabilities in chipset firmware might also be eligible.
The reward will start at US$500 . If the bug reported is critical, the bounty will be higher. An additional US$30,000 will also be awarded for exploits that compromises TrustZone or Verified Boot.
Post a Comment