Google Pushes Up the Product-Abuse Bug Bounties

product-abuse bug

Google is increasing the reward amounts dedicated to its bug-bounty program for reports focusing on potential attack vectors in the product-abuse space, topping out at $13,337 per report.

The top award for flaws allowing cybercriminals to abuse legitimate services has multiplied by 166 percent.

Read More: How APIs can help hackers launch cybercrime campaigns

Product abuse is when threat actors use a legitimate service in a way to enable social-engineering or other cyber-attacks.

“The nature of product abuse is constantly changing,” wrote Google’s Marc Henson and Anna Hupa, from Google. “Why? The technology (product and protection) is changing, the actors are changing, and the field is growing. Within this dynamic environment, we are particularly interested in research that protects users’ privacy, ensures the integrity of our technologies, as well as prevents financial fraud or other harms at scale.”

Source: Threatpost