Google hands out a large bug-finders fee of $50,000

Google hand out a handsome reward to a Polish security research team as they found flaws in their App Engine developer platform - the highest payment yet.

52 seconds read time

A group of Polish security researchers have been rewarded with $50,000 from Google, thanks to their investigation and findings of 30 flaws within the Google App Engine developer platform - said to give hackers possible access beyond their own virtual machines.

Google hands out a large bug-finders fee of $50,000 |

This flaw was further explained as allowing intruders the ability to bypass the Oracle Java security sandbox.

While in operation, Google detected this research team conducting their tests and locked them out of their Google App Engine account - meaning no more progress could me made. After two weeks Google allowed this team to continue their research, complete their exploration of the GAE flaws and produce a report on the findings. There was one clear-cut rule however, the researchers must limit their work to the Java Virtual Machine (JVM) layer and steer clear from the next sandboxing layer.

This approved work was conducted between the 11th and 21st of December 2014, seeing Google acknowledge the findings - stating that the "security Explorations' report demonstrated that one of company's layers of defence had insufficient mitigations against a certain type of attacks and the auditing of the privileged Java classes were insufficient".

The $50,000 reward was paid under Google's vulnerability reward program (VRP) and this marks the highest cash reward given under this scheme - said to be separate to the Chrome VRP.


I'm a competitive gamer and was an eSports employee. Recent changes have seen me hang up the mouse and move over to the technology world, covering all news for TweakTown, ranging from gaming news to opinion articles and the latest tech releases. Expect to see a few different articles on international eSports news and competitive game releases, as well as audio and mobile device content.

Newsletter Subscription

Related Tags