Advertisment

Google rewarded nearly $3M under bug bounty in 2017

author-image
CIOL Writers
New Update
google building e

Google paid out nearly $3 million to security researchers in 2017 who found out bugs in their products and services under its Vulnerability Reward Program.

Advertisment

Google's Vulnerability Reward Program (VRP), like other crowd-sourced vulnerability hunting programs, is designed to help bolster the security of its growing product and service portfolio. The program rewards third-party security researchers who discover and responsibly report bugs in Google-developed apps on Google Play, the Chrome Web Store and in iTunes. Also covered under the program are Google-owned web services, including YouTube.

Jan Keller, a member of Google's Vulnerability Reward Program (VRP) wrote in a blog post, "We awarded researchers more than $1 million for vulnerabilities they found and reported in Google products, and a similar amount for Android as well. Combined with Chrome awards, we awarded nearly $3 million to researchers for their reports." Keller added, "We also awarded $125,000 to over 50 security researchers from all around the world through our Vulnerability Research Grants Program and $50,000 to the hard-working folks who improve the security of open-source software as part of our Patch Rewards Program."

Around $1.1 million each was paid for bug reports specific to Google and Android products while Chrome awards accounted for the rest of the Vulnerability Reward Program. The largest single payment of $112,500 went to independent researcher Guang Gong for outlining an exploit chain on Pixel phones as part of the Android Security Rewards Program.

Security researcher "gzobqq" received the $100,000 award for a chain of bugs across five components that achieved remote code execution in Chrome OS guest mode. Alex Birsan discovered that anyone could have gained access to internal Google Issue Tracker data. Google awarded him $15,600 for his efforts.

google