Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


$3 Million Paid by Google in the 2016 Vulnerability Reward Program

In 2016 alone Google has paid out $3 million to security researchers and bug hunters who have reported vulnerabilities in their services. More than 350 researchers from 59 countries took part in the program.

We created our Vulnerability Rewards Program in 2010 because researchers should be rewarded for protecting our users. Their discoveries help keep our users, and the internet at large, as safe as possible.

According to the blog released on January 30, 2017, more than 1,000 flaws were reported. The single highest payout was $100,000, meaning that the corresponding vulnerability must have been quite a serious one.

2016 has definitely been a success story to bug hunters. In comparison, Google paid about $2 million in 2015, making 2016 a profitable business for independent researchers hunting for vulnerabilities. Plus, Google has increased the minimum payout last year, in some cases by 50%.

Related: $4.3 Million Paid Out by Facebook’s Bug Bounty Program

What’s New in Google’s Vulnerability Rewards Program?

Google opened up Chrome’s Fuzzer Program and made it available to the public:

Previously by-invitation only, we opened up Chrome’s Fuzzer Program to submissions from the public. The program allows researchers to run fuzzers at large scale, across thousands of cores on Google hardware, and receive reward payments automatically.

2016 also saw an increase in activity on behalf of Android researchers:

On the product side, we saw amazing contributions from Android researchers all over the world, less than a year after Android launched its VRP. We also expanded our overall VRP to include more products, including OnHub and Nest devices.

Related: Previously Patched Facebook Remote Code Execution Bug Deemed Exploitable

Bug bounty programs have provided a quite sufficient way of living to many white hats and independent researchers. Since the initiation of the program in 2010, more than $9 million have been paid out.

Google’s team is very appreciative of all the individual contributions to the VRP program. The company is looking forward to working with everyone and is welcoming new researchers to participate in 2017 and beyond.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.

More Posts - Website

Newsletter
Subscribe to receive regular updates about the state of PC Security and latest threads.

Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.