Google’s Payout to Bug Hunters Hits All-time high of $6.7 Million


    Google announced on 4th February 2021 that it has paid over $6.7 million in reward to 662 security researchers across 62 countries for catching bugs in Android, Chrome, and its other services. The amount is the highest Google paid out that it has given under its Vulnerability Research Program (VRP) since initiating it in 2010.

    “The incredibly hard work, dedication, and expertise of our researchers in 2020 resulted in a record-breaking payout of over $6.7 million in rewards,” Google said in a blog post.

    Google’s Vulnerability Reward Program

    Most of last year’s bug prizes were granted in the Chrome VRP (Vulnerabilities Rewards Program), which gave more than $2.1 million to security researchers for 300 bugs recognized in the platform’s flagship browser.

    The company has also paid $1.74 million in rewards in the Android Vulnerability Reward Program and over $50,000 as an Android 11 developer preview bonus which enabled the company to fix problems before officially releasing Android 11. The company also rewarded another $270,000 to Android researchers around the world as a part of the Developer Data Protection Reward Program and Google Play Security Rewards Program.

    Some of the other highlights that were listed by Google are as follows:

    • Guang Gong and his squad at 360 Alpha Lab, Qihoo 360 Technology Co. Ltd., identified a 1-click remote root exploit targeting current Android devices. They maintain the leading Android payout of $161,337 and another $40,000 from Chrome VRP for their 2019 exploit.
    • A Researcher also identified another 2 exploits and is presently on the all-time top spot with a huge $400,000 payout.
    • The company has also inaugurated several pilot rewards programs in numerous areas of interest, comprising Android Auto OS, writing fuzzers for Android code, and a reward program for Android chipsets.

    The company also delivered $400,000 in grants to more than 180 security researchers last year, who identified 200 bugs that resulted in 100 confirmed vulnerabilities in Google products and the open-source ecosystem. Of all grants awarded, one-third were given in response to the Covid-19 pandemic.

    Recent Articles

    Weekly Newsletter (25th Apr’ 21 to 1st May’ 21)

      Here’s the Weekly Newsletter from 25th April’ 2021 to 1st May’ 2021: 1. Moolympics #3: Diversity, Equity, and Inclusion through UX - Moolya Software Testing Private...

    OpKey University launched to provide advanced automation testing training

      Opkey announced on 26th April 2021 that the company has launched its own "Opkey University". According to OpKey University, software testing is a critical...

    Cypress 7.2.0 released with New Features and Bugfixes recently released Cypress 7.2.0 version, the new version comes with various bug fixes and new features. Users can now navigate through folders in...

    Moolympics #3: Diversity, Equity, and Inclusion through UX

      Moolya Software Testing Private Limited recently launched Moolympics which is a monthly competition series that covers different skills, values, cultures you bring to the...

    Weekly Newsletter (18th Apr’ 21 to 24th Apr’ 21)

      Here’s the Weekly Newsletter from 4th April’ 2021 to 10th April’ 2021: 1. OpKey launches Industry’s First Marketplace for ERP Test Automation - Opkey recently launched...

    Related Stories

    Stay on op - Ge the daily news in your inbox