Google Coughs Up $1m For Each Chrome And Android Bug In 2016

Google paid nearly $1 million (£792,300) per vulnerability uncovered in Android and Chrome in 2016, demonstrating that tech-savvy people can reap benefits from the search company’s Vulnerability Rewards Program (VRP).

A total of $3 million (£2.3m) was awarded to bug hunters in 2016, and since the program's launch in 2010, $9 million (£7.1m) has been handed out.

Google bug bounty

In its review of the VRP, Google noted it has issued over 1,000 individual rewards to some 350 people, across 59 countries, who have contributed to spotting major flaws in its Android and Chrome platforms, with a hefty $100,000 (£79,230) being awarded to a single person.

“We created our Vulnerability Rewards Program in 2010 because researchers should be rewarded for protecting our users. Their discoveries help keep our users, and the internet at large, as safe as possible,” said Eduardo Vela Nava, VRP Technical Lead and so-called Master of Disaster at Google.

“The amounts we award vary, but our message to researchers does not; each one represents a sincere ‘thank you’.”

Nava also highlighted some of the standout aspects of security work the VRP has facilitated.

“Previously by-invitation only, we opened up Chrome’s Fuzzer Program to submissions from the public. The program allows researchers to run fuzzers [a software testing technique that provides often-automated invalid, random or unexpected data inputs to a computer program] at large scale, across thousands of cores on Google hardware, and receive reward payments automatically,” he said.

“On the product side, we saw amazing contributions from Android researchers all over the world, less than a year after Android launched its VRP. We also expanded our overall VRP to include more products, including OnHub and Nest devices.

“We increased our presence at events around the world, like pwn2own and Pwnfest. The vulnerabilities responsibly disclosed at these events enabled us to quickly provide fixes to the ecosystem and keep customers safe. At both events, we were able to close down a vulnerability in Chrome within days of being notified of the issue.”

Bug bounties are increasingly part of the cyber security landscape, and now form part of the toolset of even established security firms such as Kaspersky Lab.

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.
