Google has paid security researchers over $6 million in 6 years

Google today announced it has paid out over $6 million since launching its bug bounty program in 2010. In the past year alone, the company paid more than 300 different security researchers over $2 million for finding more than 750 bugs.

Bug bounty programs are an excellent addition to existing internal security programs. They help motivate individuals and groups of hackers not only to find flaws, but to disclose them properly when they do, instead of using them maliciously or selling them to parties that will.

Google’s bug bounty program has been growing since its inception. The company has paid out more money and fixed more bugs every year since its debut. In response, Google’s security team has expanded the program time and time again to encompass more products and offer more lucrative rewards.

Indeed, in January 2015, Google expanded the scope to include its Android and iOS mobile apps and began offering security grants (up-front awards before security researchers ever submit a bug). One example of the latter at work: After receiving a grant, security researcher Kamil Hismatullin found an issue in YouTube Creator Studio which would have enabled anyone to delete any video from YouTube by simply changing a parameter in the URL. The bug was fixed and Hismatullin received $5,000 in addition to his initial research grant.

Then in June 2015, Google started awarding security rewards for Android devices. By the end of the year, Google said it had already paid more than $200,000 to researchers for their work, including the company’s largest single payment: $37,500.

Google also shared two interesting stories about its bug bounty program in 2015:

  • Tomasz Bojarski, the most prolific researcher of the year, found 70 bugs on Google in 2015. He even found a bug in Google’s vulnerability submission form.
  • Sanmay Ved, a researcher who bought google.com for one minute on Google Domains, received $6,006.13 (“google” spelled out numerically). Google doubled the amount when Ved donated his reward to charity.

Facebook, Google, and Microsoft all offer notable bug bounty programs, but smaller companies are increasingly seeing a lot of success as well. As we like to say, it’s always better to find and fix a security bug before it becomes a problem, and rewarding researchers with bounties costs peanuts compared to the cost of cleaning up a security disaster.



VentureBeat
