Half of Google’s $3.four million vulnerability rewards went to Android and Chrome bugs in 2018

Posted on

Half of Google’s $3.four million vulnerability rewards went to Android and Chrome bugs in 2018

To shut out the week that Google spun out of Safer Web Day, the corporate summarized the progress of its Vulnerability Reward Program in 2018. In whole, $3.four million in rewards had been issued final yr to 317 safety researchers from around the globe.

The Google Vulnerability Reward Program has paid out $15 million since launching in 2010. Final yr, half of the $3.four million went in direction of Android and Chrome, the corporate’s most user-facing platforms.

The objective of this system is straightforward: encourage researchers to report points in order that we are able to repair them rapidly and maintain customers’ information safe. We additionally present monetary rewards for bug reporters, starting from $100 to $200,000, based mostly on the chance stage of their discovery.

There have been 1,319 particular person rewards to 317 paid researchers in 78 nations. The most important single reward was to the tune of $41,000, whereas $181,000 in whole was donated to charity. Google goes on to call a number of of the researchers in its yearly recap:

Because of researchers from all around the globe, we’ve been in a position to patch all various kinds of bugs. Ezequiel Pereira, a 19-year-old researcher from Uruguay, uncovered a Distant Code Execution “RCE” bug that allowed him to realize distant entry to our Google Cloud Platform console. Tomasz Bojarski from Poland found a bug associated to Cross-site scripting (XSS), a sort of safety bug that may permit an attacker to vary the conduct or look of an internet site, steal personal information or carry out actions on behalf of another person. Tomasz was final yr’s prime bug hunter and used his reward cash to open a lodge and restaurant. After Dzmitry Lukyanenka, a researcher from Minsk, Belarus, misplaced his job, he started bug-hunting full-time and have become a part of our VRP grants program, which offers monetary help for prolific bug-hunters over time.

Google Vulnerability Reward Program 2018

In the meantime, Google final yr additionally launched Safety and Privateness analysis awards. Winners are chosen by a Google committee of senior safety and privateness researchers to “acknowledge lecturers who’ve made main contributions to the sphere.” There are seven winners in numerous fields, with Google donating half 1,000,000 {dollars} to their universities.

Google itself this week introduced a brand new Chrome extension to seek out compromised passwords on third-party websites, detailed how TensorFlow is obstructing 100 million extra spam messages a day in Gmail, and launched Adiantum to carry storage encryption to low-power Android units.


Take a look at 9to5Google on YouTube for extra information:

Gravatar Image
I like technology, hopefully I can provide useful information for viewers

Leave a Reply

Your email address will not be published. Required fields are marked *