Google Coughts Up $1m For Each Chrome And Android Bug In 2016

Google paid nearly $1 million (£792,300) per vulnerability uncovered in Android and Chrome in 2016, demonstrating that tech savvy people can reap benefits from the search company’s Vulnerability Rewards Program (VRP).

A total of $3 million (£2.3m) was rewarded to bug hunting people in 2016, and since its launch in 2010, $9 million (£7.1m) has been handed out.

Google bug bounty

In its review of the VRP, Google noted it has issues over 1,000 individual rewards to some 350 people, across 59 countries, who have contributed to spotting major flaws in its Android and Chrome platforms, with a hefty $100,00 (£79,230) being awarded to a single person.

“We created our Vulnerability Rewards Program in 2010 because researchers should be rewarded for protecting our users. Their discoveries help keep our users, and the internet at large, as safe as possible,” said Eduardo Vela Nava VRP Technical Lead and so-called Master of Disaster at Google.

“The amounts we award vary, but our message to researchers does not; each one represents a sincere ‘thank you’.”

Nava also highlighted some of the standout aspects of security work the VRP has facilitated.

“Previously by-invitation only, we opened up Chrome’s Fuzzer Program to submissions from the public. The program allows researchers to run fuzzers [a software testing techniques that provide often automated invalid, random or unexpected data inputs to a computer program] at large scale, across thousands of cores on Google hardware, and receive reward payments automatically,” he said.

“On the product side, we saw amazing contributions from Android researchers all over the world, less than a year after Android launched its VRP. We also expanded our overall VRP to include more products, including OnHub and Nest devices.

“We increased our presence at events around the world, like pwn2own and Pwnfest. The vulnerabilities responsibly disclosed at these events enabled us to quickly provide fixes to the ecosystem and keep customers safe. At both events, we were able to close down a vulnerability in Chrome within days of being notified of the issue.”

Bug bounties are increasingly part of the cyber security landscape, and now form part of the toolset of even established security firms such as the Kaspersky Lab.

Are you a security pro? Try our quiz!

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Malicious Online Ad Campaign Steals User Logins

'Magnat' malicious advertising campaign uncovered by Cisco Talos has been stealing login credentials and other…

22 hours ago

Waymo, Nuro Launch Robo-Delivery Services In California

Cruise starts robo-delivery service in Mountain View as Waymo plans limited trial of grocery-delivery service…

23 hours ago

NSO Spyware ‘Used To Hack US Diplomats’

Apple alerts employees of US State Department of hacking by NSO Group's controversial Pegasus spyware…

23 hours ago

Starlink Plans Services In India As SpaceX Breaks Launch Record

Starlink to apply for commercial licence to provide satellite broadband services in India, as parent…

24 hours ago

Musk Tesla Share Sale Surpasses $10bn

Elon Musk's Tesla share sell-off surpasses $10 billion as it reaches into fourth consecutive week,…

1 day ago

Uber To Pay $9m Settlement Over Safety Reporting Failure

Uber agrees to pay $9 million to settle dispute with California regulators over its failure…

1 day ago