waplog

Google Paid Out $3.4 Million In Vulnerability Rewards During 2018


To close out the week that Google spun out of Safer Internet Day, the company summarized the progress of its Vulnerability Reward Program in 2018. In total, $3.4 million in rewards were issued last year to 317 security researchers from around the world.
 
The Google Vulnerability Reward Program has paid out $15 million since launching in 2010. Last year, half of the $3.4 million went towards Android and Chrome, the company’s most user-facing platforms.
 
The goal of the program is simple: encourage researchers to report issues so that we can fix them quickly and keep users’ data secure. We also provide financial rewards for bug reporters, ranging from $100 to $200,000, based on the risk level of their discovery.
 
There were 1,319 individual rewards to 317 paid researchers in 78 countries. The biggest single reward was to the tune of $41,000, while $181,000 in total was donated to charity. Google goes on to name a few of the researchers in its yearly recap:
 
“Thanks to researchers from all around the world, we’ve been able to patch all different types of bugs. Ezequiel Pereira, a 19-year-old researcher from Uruguay, uncovered a Remote Code Execution “RCE” bug that allowed him to gain remote access to our Google Cloud Platform console. Tomasz Bojarski from Poland discovered a bug related to Cross-site scripting (XSS), a type of security bug that can allow an attacker to change the behavior or appearance of a website, steal private data or perform actions on behalf of someone else. Tomasz was last year’s top bug hunter and used his reward money to open a lodge and restaurant. After Dzmitry Lukyanenka, a researcher from Minsk, Belarus, lost his job, he began bug-hunting full-time and became part of our VRP grants program, which provides financial support for prolific bug-hunters over time.”



MTCHT
ICT
TECHNOLOGICAL INNOVATIONS
POST
ABOUT US
NEWS
INTERESTING
INTERVIEW
ANALYSIS
ONLAIN LESSONS