Page Loader
Google rewards $2.9 million under its Bug Bounty Program

Google rewards $2.9 million under its Bug Bounty Program

Feb 10, 2018
12:10 am

What's the story

Google has announced on its official Security Blog that the company paid out $2.9 million to security researchers in 2017 under its Bug Bounty Program. The program rewards users for informing Google about any kind of a flaw or vulnerability in the company's products and services. The Bug Bounty Program covers various Google products, Chrome, Android, and even the Play Store.

Details

The largest single reward amounted to $112,500

The largest single reward under the program last year amounted to $112,500, as compared to $100,000 in 2016. It was won by a security researcher named Guang Gong, who found a sophisticated bug in Chrome on Google's Pixel phones. Another researcher named 'gzobqq' who identified security vulnerabilities in Google Chrome's guest mode received a reward of $100,000.

Bug Bounty

Bug Bounty rewards depend on the type of bug found

Rewards under Google's Bug Bounty Program can vary from $500 to $100,000 or more depending on the type of bug. Some sub-categories in the program include the Vulnerability Research Grants Program and the Patch Rewards Program. "We're also introducing a new category that includes vulnerabilities that could result in the theft of users' private data. We'll award $1,000 for these bugs," Google said.

Background

Bug bounty programs help companies quickly learn about product flaws

Bug bounty programs provide companies with a chance to learn about the flaws in their products and patch the holes in a quick manner. Incentivizing people to find bugs is also a smart way to ensure that vulnerabilities are not exploited. Other big companies that run bug bounty programs include Facebook, GM, Airbnb, Mastercard and even the Pentagon.