Google and Facebook are now offering bounties for those who can hack their systems. The two platforms now claim that hacking is not a crime.
Google and Facebook are now planning Apple’s move when it comes to enhancing their systems’ security features. According to these two tech firms, hacking is not actually a crime if you would use it to benefit your company. As of the moment, cybercriminals hired by the search engine giant have been earning more than $3.5 million in revenue. On the other hand, those hired by FB have been receiving more than $2.5 million.
The new movement of Google and Facebook is called “Hacking is NOT a Crime,” which aims to use cybercriminals to enhance their products. As of the moment, individuals are still confused whether hacking is really an online crime or if it is a process that enhances a system’s security.
However, some experts explained that Google, Facebook, and other tech giant firms, together with their consumers, would have a safer place if online attackers and other cyber criminals don’t actually exist. Since this is the case, various tech firms have no choice but to hire online criminals or IT experts to breach their devices or systems, which cost millions of dollars.
Cybercriminals are Now Making Millions of Dollars, Legally
The payments made under the Google vulnerability rewards program (VRP) have varied across the years. Still, they total more than $29 million paid to 2,022 hackers in 84 countries since it launched a decade ago. The biggest single bounty paid to date was in 2019 when one enterprising hacker was awarded $161,000 for discovering an Android security flaw.
For the past few years, Google alone has paid out a total of $3,770,000 which is down from the 2020 total of $6,512,000. What hasn’t changed is that Android remains front and center when it comes to bounty payments, with $1,651,000 paid so far in 2021, compared to $1,397,000 for Chrome vulnerabilities.
On the other hand, Google announced that vulnerabilities across multiple platforms, such as Android, Play Store, and Chrome are becoming more serious than ever as cybercriminals enhance their methods to breach these systems. This is one of the giant search engine company and Facebook decided to use online attackers against other illegal online attackers.
If you are interested in the new Google Bug Bounty program, here are some of the things you need to know.
Bug Bounty Program’s Details
Services in scope
- Third-party websites. Some Google-branded services hosted in less common domains may be operated by our vendors or partners. We can’t authorize you to test these systems on behalf of their owners and will not reward such reports. Please read the fine print on the page and examine domain and IP WHOIS records to confirm. If in doubt, talk to us first!
- Recent acquisitions. To allow time for internal review and remediation, newly acquired companies are subject to a six-month blackout period. Bugs reported sooner than that will typically not qualify for a reward.
- Cross-site scripting
- Cross-site request forgery
- Mixed-content scripts
- Authentication or authorization flaws
- Server-side code execution bugs