When it comes to her bug bounty programs, Google is quite generous. Last year alone, the company spent $ 6,5 million as a reward to researchers who discovered vulnerabilities, almost double the $ 3,4 million it spent in 2018. The biggest reward touched $ 201.337 and was awarded to Guang Gong Alpha , who discovered a great vulnerability in Pixel 3.
Google Vulnerability Rewards Programs (VRPs) have been in existence since 2010 and are designed to reward researchers for discovering errors and faults that Google may not have realized. This program has of course been extended to other products, including Chrome and Android, while last year the company expanded its security reward range Google Playto include not only the top eight applications, but any application that has more than 100 million installations. That amount reached $ 650.000 in rewards in the second half of 2019. Overall, Google has paid more than $ 21 million since its VRPs were launched.
While this is quite a large amount, it is a perfectly normal move, since the company cannot find all the vulnerabilities that may exist in its products. Being generous with its rewards on the other hand motivates security researchers to be more efficient.
It comes as no surprise, then, that other companies have followed suit. THE Tesla gives big cash prizes - even cars - to anyone who can break a car's security system while bug bounty program Apple offers payments of up to $ 1 million. While the technology is getting into more and more areas of our daily lives and hackers As they continue to evolve their techniques, it is likely that more and more companies will adopt the bug bounties.