To close out the week that Google spun out of Safer Internet Day, the company summarized the progress of its Vulnerability Reward Program in 2018. In total, $3.4 million in rewards were issued last year to 317 security researchers from around the world.

The Google Vulnerability Reward Program has paid out $15 million since launching in 2010. Last year, half of the $3.4 million went towards Android and Chrome, the company’s most user-facing platforms.

The goal of the program is simple: encourage researchers to report issues so that we can fix them quickly and keep users’ data secure. We also provide financial rewards for bug reporters, ranging from $100 to $200,000, based on the risk level of their discovery.

There were 1,319 individual rewards to 317 paid researchers in 78 countries. The biggest single reward was to the tune of $41,000, while $181,000 in total was donated to charity. Google goes on to name a few of the researchers in its yearly recap:

Thanks to researchers from all around the world, we’ve been able to patch all different types of bugs. Ezequiel Pereira, a 19-year-old researcher from Uruguay, uncovered a Remote Code Execution “RCE” bug that allowed him to gain remote access to our Google Cloud Platform console. Tomasz Bojarski from Poland discovered a bug related to Cross-site scripting (XSS), a type of security bug that can allow an attacker to change the behavior or appearance of a website, steal private data or perform actions on behalf of someone else. Tomasz was last year’s top bug hunter and used his reward money to open a lodge and restaurant. After Dzmitry Lukyanenka, a researcher from Minsk, Belarus, lost his job, he began bug-hunting full-time and became part of our VRP grants program, which provides financial support for prolific bug-hunters over time.

Google Vulnerability Reward Program 2018

Meanwhile, Google last year also launched Security and Privacy research awards. Winners are selected by a Google committee of senior security and privacy researchers to “recognize academics who have made major contributions to the field.” There are seven winners in various fields, with Google donating half a million dollars to their universities.

Google itself this week announced a new Chrome extension to find compromised passwords on third-party sites, detailed how TensorFlow is blocking 100 million more spam messages a day in Gmail, and introduced Adiantum to bring storage encryption to low-power Android devices.

FTC: We use income earning auto affiliate links. More.


Check out 9to5Google on YouTube for more news:

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author