Google rewards $2.9 million under its Bug Bounty Program
Google has announced on its official Security Blog that the company paid out $2.9 million to security researchers in 2017 under its Bug Bounty Program. The program rewards users for informing Google about any kind of a flaw or vulnerability in the company's products and services. The Bug Bounty Program covers various Google products, Chrome, Android, and even the Play Store.
The largest single reward amounted to $112,500
The largest single reward under the program last year amounted to $112,500, as compared to $100,000 in 2016. It was won by a security researcher named Guang Gong, who found a sophisticated bug in Chrome on Google's Pixel phones. Another researcher named 'gzobqq' who identified security vulnerabilities in Google Chrome's guest mode received a reward of $100,000.
Bug Bounty rewards depend on the type of bug found
Rewards under Google's Bug Bounty Program can vary from $500 to $100,000 or more depending on the type of bug. Some sub-categories in the program include the Vulnerability Research Grants Program and the Patch Rewards Program. "We're also introducing a new category that includes vulnerabilities that could result in the theft of users' private data. We'll award $1,000 for these bugs," Google said.
Bug bounty programs help companies quickly learn about product flaws
Bug bounty programs provide companies with a chance to learn about the flaws in their products and patch the holes in a quick manner. Incentivizing people to find bugs is also a smart way to ensure that vulnerabilities are not exploited. Other big companies that run bug bounty programs include Facebook, GM, Airbnb, Mastercard and even the Pentagon.
