Skinner Juhl posted an update 5 months, 1 week ago
The US giant takes its program seriously, which is why it devotes significant funding to it: last year the amount was exceptionally high, totalling 6.5 million dollars.
Nowadays many companies rely on bug bounty programs, which are an invitation to find and report vulnerabilities in return for a financial reward, and Google is no exception. Today, however, we learn that last year the company spent almost twice as much on this program as in the previous year: the amount grew from 3.4 to 6.5 million USD, which could also mean that the software company had a lot of bugs that had to be patched.
Google also stresses that its Vulnerability Reward Programs (VRP) have been running since 2010 and have already paid out a total of 21 million dollars. Back to the latest report: the largest single prize amounted to 201 337 USD and went to Guang Gong of Alpha Labs, who discovered a vulnerability in the Pixel 3 smartphone. As for how the payments broke down, $2.1 million went to vulnerabilities found in Google products, 1.9 million to the Android VRP, 1 million to the Chrome VRP, and 800 000 USD to bugs caught on Google Play.
It should be noted, however, that not all the money went into private accounts: the researchers were very generous last year and decided to donate a total of 500 thousand dollars to charity, which Google says is 5 times higher than the highest donation in the history of the program. It should also be noted that the high total paid out reflects not only the number of vulnerabilities found but also changes in the program. Google has raised its rates for vulnerabilities, e.g. the basic Chrome VRP reward from 5 to 15 thousand USD and the maximum from 15 to 30 thousand dollars.
The highest award envisaged in the program is the $1 million Android Security Reward, a name that probably needs no translation, and it now includes not only the 8 most popular applications but all others with at least 100 million installations. Google is not the only vendor that has recently boosted its program in this way: last month Apple opened its bug bounty to all researchers, where previously it was invitation-only and limited to vulnerabilities in iOS, while increasing the maximum award from 200 000 USD to $1 million.