Short Bytes: Google runs a Vulnerability Reward Program as an attempt to find bugs in its products with the help of researchers and give them cash rewards in return. Last year’s reward program received contributions from around 350 researchers. Google gave more than $3 million as cash reward prizes, and the highest reward was of $100,000.
You might have read about Google’s year in review for search results and play store. Google also acknowledges the researchers and bug bounty hunter who help the company find vulnerabilities in their products. In return, they get cash rewards from the Mountain View as a part of their Vulnerability Reward Program which began in 2010.For the year 2016, the Vulnerability Reward Program (VRP) was a host to than 350 security researchers from 59 nations around the globe. Google says the company gave more than 1000 individual cash prizes totaling to $ 3 million. The highest only reward offered was of $100,000. Also, out of the $3 million, the cash rewards for Android and Chrome platforms were around $1 million each.
Many of the researchers, who got cash for the vulnerability they reported, didn’t keep the amount for themselves. More than $130,000 out of the total reward amount was donated to charity. Google mentions the example of Jon Sawyer – based in Clallam County, Washington – who donated his $8,000 cash reward to the local Olympics team in his area.
Google’s another reward category is the Chrome Fuzzer Program, where fuzzers are run by people on Google hardware to find vulnerabilities in Google Chrome web browser, and cash rewards are given. The program, an invite-only, opened for public participation last year and included in the VRP. Other new inclusions to the reward program are onHub and Nest devices.
Here is a reward for reading this story:
If you have something to add, drop your thoughts in the comments.
Bonus video:
