Security experts from 62 nations were paid more than $6.7 million (nearly Rs. 49 crore) by Google for identifying susceptibilities in Google products last year. Google has successfully managed to run the Vulnerability Reward Programs (VRPs) for ten years and the company has paid nearly $28 million to the security experts for spotting the vulnerabilities in Google products.
Google stated this week that “the incredibly hard work, dedication, and expertise of our researchers in 2020 resulted in a record-breaking payout of over $6.7 million in rewards, with an additional $280,000 given to charity. Following our increase in exploit payouts in November 2019, we received a record 13 working exploit submissions in 2020, representing over $1 million in exploit reward payouts”.
According to the company, Guang Gong (@oldfresher) and the team of experts at the 360 Alpha Lab at Chinese cybersecurity firm Qihoo 360 discovered 30% of the total number of Android vulnerabilities as a part of the bug bounty program. The latest vulnerability spotted by this group is a 1-click remote root exploit in Android, Google said this team still hold the record for receiving the highest Android payout ($161,337) for spotting the vulnerability in 2019.
Last year, the tech giant paid $50,000 to the security experts for spotting the flaws in Android developer preview and introduced bounty programs for Android Auto OS, Android chipsets, and for writing fuzzers for Android code. In Google Play, Google expanded the standard for certified Android apps to incorporate apps utilizing the Exposure Notification API and executing contact tracing to fight Covid-19.
Apart from bounty rewards, over 180 security researchers have received more than $400,000 from Google in the form of grants for submitting 200 bug reports that resulted in 100 confirmed susceptibilities in Google products and the open-source ecosystem. The other notable tech firms that have a similar bug bounty reward program are Facebook, OnePlus, Qualcomm, Mozilla, Microsoft, and Reddit.
Source: E Hacking news