Google paying security researchers money to hunt for bugs in its products, no strings attached

Google has decided to pay independent security researchers money upfront, to help it find vulnerabilities in Google products. Unlike other Security Rewards Programs, which pay out money only if the researchers are able to find any security flaw in companies’ products, the Google grant is different, according to Google’s blog post.

Called the Vulnerability Research Grant, this program pays money to the researchers even before they start working on the project. If they are not able to find any security flaws, they can still keep the money without having to pay back any penalty. Not just that, these researchers are still eligible for regular monetary rewards if they find or fix a zero-day vulnerability.

Naturally, this program is not meant for amateur hackers but for seasoned security professionals. Google is treating the research program as an experiment and the researchers will be selected based on their past track record.

The awards range from $500 to $3,133.70 and the grant touches upon different areas of research. You can find a list of areas which Google has opened up to security researchers along with the steps to be a part of this program. If you feel you are up to the mark, you can apply on their application page.

This program is different from Google’s ‘Security Rewards Program’ which was started in 2010. According to Google, it has given out $4 million in rewards to researchers who were part of this program, with $1.5 million being awarded in 2014.

Google has also announced that all the apps that come from the Google Play store will be part of the Vulnerability Research Grant program as well.