Google paid $6.7 million to bug bounty hunters in 2020

by | Feb 5, 2021


Google said today it paid more than $6.7 million in bug bounty rewards to 662 security researchers across 62 countries for submitting vulnerability reports in Google products last year.

 

 

 
  

 

The figure, up from the $6.5 million the company paid in 2019, is the company’s largest prize pool paid to security researchers to date.

Most of last year’s bug prizes were awarded in the Chrome VRP (Vulnerabilities Rewards Program), which handed out more than $2.1 million to security researchers for 300 bugs identified in Google’s flagship browser.

The company's Android programs were another major source of payouts. Google said it gave out $1.74 million for bugs discovered in the Android OS code and another $270,000 in the Google Play VRP for bugs found in the Play Store's most popular and widely used Android apps.

 

 


 

 

Among the Android VRP’s main highlights last year, Google listed the following:

  • We awarded our first-ever Android 11 developer preview bonus, which paid out over $50,000 across 11 reports. This allowed us to patch the issues proactively before the official release of Android 11.

  • Guang Gong (@oldfresher) and his team at 360 Alpha Lab, Qihoo 360 Technology Co. Ltd., now hold a record eight exploits (30% of the all-time total) on the leaderboard. Most recently, Alpha Lab submitted an impressive 1-click remote root exploit targeting recent Android devices. They maintain the top Android payout ($161,337, plus another $40,000 from Chrome VRP) for their 2019 exploit.

 

 


 

 

  • Another researcher submitted an additional two exploits and is vying for the top all-time spot with an impressive $400,000 in all-time exploit payouts.

  • We launched a number of pilot rewards programs to guide security researchers toward additional areas of interest, including Android Auto OS, writing fuzzers for Android code, and a reward program for Android chipsets.

On top of these, Google also said more than $400,000 was sent to security researchers through its research grant program, which the company uses to fund innovative areas of security research.

 


 

 
 

More than 180 security researchers received grants last year and submitted 200 bug reports, which yielded 100 confirmed vulnerabilities in Google products and the open-source ecosystem.

This year will mark the Google VRP’s 10th anniversary.

 
 

 


 

 

Source: www.zdnet.com

 

 

 