Google recently announced that it has paid over $6 million to security researchers since launching its bug bounty program in 2010. Google claims that financial rewards help them to make their services, and the web as a whole, safer and more secure.
LogBook: Google Paid Over $6 Million To Security Researchers
Google's Vulnerability Reward Program (VRP) started in 2010.
Since 2010, Google has paid $6 million to security researchers for finding flaws.
In 2015 alone, Google paid more than 300 different security researchers over $2 million for finding more than 750 bugs.
Security researchers from around the world (Great Britain, Poland, Germany, Romania, Israel, Brazil, United States, China, Russia and India, to name a few countries) participated in Google’s bug bounty program in 2015.
Google’s security team has expanded the program time and time again to encompass more products and offer more lucrative rewards.
In June 2015, Google launched the Android Vulnerability Reward Program, under which the company paid more than $200,000 to security researchers for their work, including the company’s largest single payment of $37,500 to an Android security researcher.
Google also began to provide researchers with Vulnerability Research Grants, lump sums of money that researchers receive before starting their investigations.
The purpose of these grants is to ensure that researchers are rewarded for their hard work, even if they don’t find a vulnerability. Google said it has already seen positive results from the Vulnerability Research Grant program.
Google said: “Kamil Histamullin a researcher from Kasan, Russia received a VRP grant early last year. Shortly thereafter, he found an issue in YouTube Creator Studio which would have enabled anyone to delete any video from YouTube by simply changing a parameter from the URL. After the issue was reported, our teams quickly fixed it and the researcher was rewarded $5,000 in addition to his initial research grant. Kamil detailed his findings on his personal blog in March.”
Google also shared two interesting stories about its bug bounty program in 2015.
- Tomasz Bojarski, the most prolific researcher of the year, found 70 bugs on Google in 2015. He even found a bug in Google’s vulnerability submission form.
- Sanmay Ved, a researcher who bought google.com for one minute on Google Domains, received $6,006.13 (“google” spelled-out numerically). Google doubled the amount when Ved donated his reward to charity.
These types of bug bounty programs help to motivate individuals and groups of hackers not only to find flaws, but also to disclose them properly, instead of using them maliciously or selling them to parties that will.