Google Coughts Up $1m For Each Chrome And Android Bug In 2016

Google paid nearly $1 million (£792,300) per vulnerability uncovered in Android and Chrome in 2016, demonstrating that tech savvy people can reap benefits from the search company’s Vulnerability Rewards Program (VRP).

A total of $3 million (£2.3m) was rewarded to bug hunting people in 2016, and since its launch in 2010, $9 million (£7.1m) has been handed out.

Google bug bounty

In its review of the VRP, Google noted it has issues over 1,000 individual rewards to some 350 people, across 59 countries, who have contributed to spotting major flaws in its Android and Chrome platforms, with a hefty $100,00 (£79,230) being awarded to a single person.

“We created our Vulnerability Rewards Program in 2010 because researchers should be rewarded for protecting our users. Their discoveries help keep our users, and the internet at large, as safe as possible,” said Eduardo Vela Nava VRP Technical Lead and so-called Master of Disaster at Google.

“The amounts we award vary, but our message to researchers does not; each one represents a sincere ‘thank you’.”

Nava also highlighted some of the standout aspects of security work the VRP has facilitated.

“Previously by-invitation only, we opened up Chrome’s Fuzzer Program to submissions from the public. The program allows researchers to run fuzzers [a software testing techniques that provide often automated invalid, random or unexpected data inputs to a computer program] at large scale, across thousands of cores on Google hardware, and receive reward payments automatically,” he said.

“On the product side, we saw amazing contributions from Android researchers all over the world, less than a year after Android launched its VRP. We also expanded our overall VRP to include more products, including OnHub and Nest devices.

“We increased our presence at events around the world, like pwn2own and Pwnfest. The vulnerabilities responsibly disclosed at these events enabled us to quickly provide fixes to the ecosystem and keep customers safe. At both events, we were able to close down a vulnerability in Chrome within days of being notified of the issue.”

Bug bounties are increasingly part of the cyber security landscape, and now form part of the toolset of even established security firms such as the Kaspersky Lab.

Are you a security pro? Try our quiz!

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Intel Adds Two Chip Veterans To Board, Amid Search For New CEO

Two chip veterans named for Intel's board of directors, amid reports of expertise gap after…

23 hours ago

Waymo To Expand Ride-Hailing Service To Miami

Another major city in the United States is to receive Alphabet's Waymo ride-hailing service, with…

23 hours ago

Meta To Spend $10 Billion On Largest Data Centre To Date

Facebook parent confirms its 23rd data centre in the US will be located in Louisiana,…

2 days ago

Musk’s Neuralink Animal Lab Cited For ‘Objectionable Conditions’

Federal regulator reportedly cites animal lab at Elon Musk's Neuralink for “objectionable conditions or practices”

2 days ago

Trump Nominates Cryptocurrency Advocate Paul Atkins As SEC Chair

President-elect Donald Trump nominates a new chairman to head the SEC, who is a noted…

2 days ago