Google today announced it has Google has announced it has paid out over $4 million since launching its bug bounty program in 2010. In the last year alone, the company paid more than 200 different researchers more than $1.5 million for more than 500 bugs.
To celebrate, Google is expanding the scope of its Vulnerability Reward Program. The company will now accept submissions, and thus pay bounties when it deems valid, for its Android and iOS mobile applications.
The company points to the respective pages on Google Play and Apple’s App Store where the publisher is “Google Inc.” This would suggest that apps the company has acquired from other companies (Nest, for example) are the only ones not included.
Furthermore, Google is also launching a new experimental program called Vulnerability Research Grants. The company says its own security work is making it harder for independent researchers to find bugs, so it wants to provide up-front awards before security researchers ever submit a bug.
The program will work as follows:
- Google will publish different types of vulnerabilities, products and services for which it wants to support research beyond its normal vulnerability rewards.
- Grants will be rewarded immediately before research begins, with no strings attached. Researchers then pursue the research they applied for, as usual.
- There will be various tiers of grants, with a maximum of $3,133.70 USD.
- On top of the grant, researchers are still eligible for regular rewards for the bugs they discover.
Keep in mind, however, that Google says this program is “experimental.” In other words, it could be disappear one day without much fanfare.
Google’s innovative search technologies connect millions of people around the world with information every day. Founded in 1998 by Stanford Ph.D. students Larry Page and Sergey Brin, Google today is a top web property in all major glob… read more »
Powered by VBProfiles