Google spent $2 million last year to reward over 300 bounty hunters and security researchers who were able to discover vulnerabilities within the search engine, totalling a staggering $6 million since 2010.
Google extended its Vulnerability Reward Program to Android in June and already paid more than $200,000 to experts who worked on the mobile platform. Part of that amount, $1,337, went to Joshua Drake, a researcher at Zimperium zLabs, famous for the discovery of Stagefright vulnerabilities.
Google’s security reward program paid out over 750 rewards in 2015. Amongst all the paid-outs, the funniest episode, related to the reward assigned to Tomasz Bojarski – one of the most prolific bug bounty hunter of 2015 – has seen a payment because Tomasz had found a security flaw in the very Google’s web form to report security flaws.
In the Google’s reward “chart” also figures Sanmay Ved, famous for buying the “google.com” domain through the sales service of the company’s own domain in October 2015. Sanmay only owned Google’s domain for 60 seconds before the company proceeded to annul the sale; still Google maintained its word and gave him $6,006.13 (which funnily enough equals to the spelling of “google” in numerals) as a just reward. At the time of the episode, Sanmay refused to say how much Google was going to pay him as a reward, but he declared to Business Insider that the amount was “more than 10,000”.
What in fact happened after Sanmay was rewarded with over $6,000, was that Sanmay had asked Google to donate the money to the Art of Living India Foundation charity. The company then decided to double the reward amount and donate it to that same Indian organization, which manages 404 free schools spread over 18 states.
Google has also recently started issuing vulnerability research grants in order to extend and encourage participation from a wider spectrum of IT experts: this will guarantee that a lot more people will be able to get paid just for trying to find bugs and flaws, not just the lucky ones who have actually succeeded in their search for vulnerabilities.
An example of this new rewarding method is the discovery made by the Russian Kamil Histamullin who found a critical bug in YouTube Creator Studio. The bug could have potentially caused the deletion of YouTube videos by any of the video sharing website. Kamil, thanks to his discovery, earned $5,000 on top of his initial grant.
Good news for PC wizards. Get down to work!