Google rewards $2.9 million under its Bug Bounty Program
What's the story
Google has announced on its official Security Blog that the company paid out $2.9 million to security researchers in 2017 under its Bug Bounty Program. The program rewards users for informing Google about any kind of a flaw or vulnerability in the company's products and services. The Bug Bounty Program covers various Google products, Chrome, Android, and even the Play Store.
Details
The largest single reward amounted to $112,500
The largest single reward under the program last year amounted to $112,500, as compared to $100,000 in 2016. It was won by a security researcher named Guang Gong, who found a sophisticated bug in Chrome on Google's Pixel phones. Another researcher named 'gzobqq' who identified security vulnerabilities in Google Chrome's guest mode received a reward of $100,000.
Bug Bounty
Bug Bounty rewards depend on the type of bug found
Rewards under Google's Bug Bounty Program can vary from $500 to $100,000 or more depending on the type of bug. Some sub-categories in the program include the Vulnerability Research Grants Program and the Patch Rewards Program. "We're also introducing a new category that includes vulnerabilities that could result in the theft of users' private data. We'll award $1,000 for these bugs," Google said.
Background
Bug bounty programs help companies quickly learn about product flaws
Bug bounty programs provide companies with a chance to learn about the flaws in their products and patch the holes in a quick manner. Incentivizing people to find bugs is also a smart way to ensure that vulnerabilities are not exploited. Other big companies that run bug bounty programs include Facebook, GM, Airbnb, Mastercard and even the Pentagon.