
Google PRECOGS to pay researchers before they find software flaws

Bug bounty effort grows a speculative arm after shelling out $1.5m last year

Google will pay you for bugs you haven't even found yet under a new program to help soothe frustrated researchers struggling to find flaws in ever harder software and services.

The Vulnerability Research Grants, described as cash with "no strings attached", will allow security bods to apply for US$3133.70 to begin bug hunting expeditions.

Google will still hand out additional cash to hunters once they report flaws in their chosen field.

"We'll publish different types of vulnerabilities, products and services for which we want to support research beyond our normal vulnerability rewards," Google security engineer Eduardo Vela Nava wrote.

"We'll award grants immediately before research begins, with no strings attached [and] researchers then pursue the research they applied for, as usual."



Top bug hunters Adrian (Romania), Tomasz (Poland / UK), and Nikolai (Ukraine). Credit: Google.

The goal of the preemptive payments is to reward researchers for merely looking into Google services even if no vulnerabilities are found, the company says.

Top bug hunters would be able to apply for the program along with "invited experts". Script kiddies need not apply.

Those pros would examine new Google offerings for categories including sensitive products where bugs could have "grave consequences", and analysis of efforts to squash recurring bugs across products.

The Choc Factory's Android and iOS apps are now open for paid vulnerability research, Nava said.

Punters could forgo the cash and opt to donate to charity, in which case Google would double the reward.

The search and service giant also announced it handed out some $1.5 million last year to bug hunters for reporting vulnerabilities.

That cash was served to 200 different researchers, with the largest payout seeing hacker and now Google Project Zero staffer George Hotz receive $150,000 for illuminating a Chrome vulnerability.

The payments covered some 500 bugs. ®
