Google has paid security researchers over $6 million in 6 years



Google today announced it has paid out over $6 million since launching its bug bounty program in 2010. In the past year alone, the company paid more than 300 different security researchers over $2 million for finding more than 750 bugs.

Bug bounty programs are an excellent addition to existing internal security programs. They help motivate individuals and groups of hackers not only to find flaws, but to disclose them properly when they do, instead of using them maliciously or selling them to parties that will.

Google’s bug bounty program has been growing since its inception. The company has paid out more money and fixed more bugs every year since its debut. In response, Google’s security team has expanded the program time and time again to encompass more products and offer more lucrative rewards.


Indeed, in January 2015, Google expanded the scope to include its Android and iOS mobile apps and began offering security grants (up-front awards before security researchers ever submit a bug). One example of the latter at work: After receiving a grant, security researcher Kamil Histamullin found an issue in YouTube Creator Studio which would have enabled anyone to delete any video from YouTube by simply changing a parameter in the URL. The bug was fixed and Histamullin received $5,000 in addition to his initial research grant.

Then in June 2015, Google started awarding security rewards for Android devices. By the end of the year, Google said it had already paid more than $200,000 to researchers for their work, including the company’s largest single payment: $37,500.

Google also shared two interesting stories about its bug bounty program in 2015:

  • Tomasz Bojarski, the most prolific researcher of the year, found 70 bugs on Google in 2015. He even found a bug in Google’s vulnerability submission form.
  • Sanmay Ved, a researcher who bought for one minute on Google Domains, received $6,006.13 (“google” spelled out numerically). Google doubled the amount when Ved donated his reward to charity.

Facebook, Google, and Microsoft all offer notable bug bounty programs, but smaller companies are increasingly seeing a lot of success as well. As we like to say, it’s always better to find and fix a security bug before it becomes a problem, and rewarding researchers with bounties costs peanuts compared to the cost of cleaning up a security disaster.

