Google’s Payout to Bug Hunters Hits All-time high of $6.7 Million


    Google announced on 4th February 2021 that it has paid over $6.7 million in reward to 662 security researchers across 62 countries for catching bugs in Android, Chrome, and its other services. The amount is the highest Google paid out that it has given under its Vulnerability Research Program (VRP) since initiating it in 2010.

    “The incredibly hard work, dedication, and expertise of our researchers in 2020 resulted in a record-breaking payout of over $6.7 million in rewards,” Google said in a blog post.

    Google’s Vulnerability Reward Program

    Most of last year’s bug prizes were granted in the Chrome VRP (Vulnerabilities Rewards Program), which gave more than $2.1 million to security researchers for 300 bugs recognized in the platform’s flagship browser.

    The company has also paid $1.74 million in rewards in the Android Vulnerability Reward Program and over $50,000 as an Android 11 developer preview bonus which enabled the company to fix problems before officially releasing Android 11. The company also rewarded another $270,000 to Android researchers around the world as a part of the Developer Data Protection Reward Program and Google Play Security Rewards Program.

    Some of the other highlights that were listed by Google are as follows:

    • Guang Gong and his squad at 360 Alpha Lab, Qihoo 360 Technology Co. Ltd., identified a 1-click remote root exploit targeting current Android devices. They maintain the leading Android payout of $161,337 and another $40,000 from Chrome VRP for their 2019 exploit.
    • A Researcher also identified another 2 exploits and is presently on the all-time top spot with a huge $400,000 payout.
    • The company has also inaugurated several pilot rewards programs in numerous areas of interest, comprising Android Auto OS, writing fuzzers for Android code, and a reward program for Android chipsets.

    The company also delivered $400,000 in grants to more than 180 security researchers last year, who identified 200 bugs that resulted in 100 confirmed vulnerabilities in Google products and the open-source ecosystem. Of all grants awarded, one-third were given in response to the Covid-19 pandemic.

    Recent Articles

    Related Stories