Tech giant Google paid out almost $3 million to security researchers in 2017 as rewards for the vulnerabilities they found in its products and services. Around $1.1 million each was paid for bug reports specific to Google and Android products, while Chrome awards accounted for the rest of the Vulnerability Reward Program payouts.
“We awarded researchers more than $1 million for vulnerabilities they found and reported in Google products, and a similar amount for Android as well. Combined with Chrome awards, we awarded nearly $3 million to researchers for their reports,” Jan Keller, a member of Google’s Vulnerability Reward Program (VRP), wrote in a blog post late on Thursday.
“We also awarded $125,000 to over 50 security researchers from all around the world through our Vulnerability Research Grants Program and $50,000 to the hard-working folks who improve the security of open-source software as part of our Patch Rewards Program,” Keller added.
The largest single payment of $112,500 went to independent researcher Guang Gong for outlining an exploit chain on Pixel phones as part of the Android Security Rewards Program. The Pixel was the only device that was not exploited during last year’s annual ‘Mobile Pwn2Own’ competition and Guang’s report helped strengthen its protections further.
‘Pwn2Own’ is a hacking contest held annually at the CanSecWest security conference where contestants are challenged to exploit widely used software and mobile devices with previously unknown vulnerabilities.