Google revealed the value of the financial rewards that I paid last year to security researchers to inform them about the gaps in all of the company’s products and services, amounting to 6.5 million dollars.
This number is twice what the company paid in the previous year, as it was about $ 3.4 million in 2018,
which represents the great interest of Google in terms of the security of its services and users.
Altogether, Google has spent $ 21 million in bonuses for security researchers since 2010.
Details of those bonuses, as $ 2.1 million Google paid for gaps in its products, as well as $ 1.9 million for Android bugs and $ 1 million for Chrome bugs.
It paid $ 800,000 for holes in Play.
The significant growth in the size of Google’s rewards for their product vulnerabilities comes because they are paying more to discover the single vulnerability,
some of the rewards tripled,
and the serious vulnerabilities reward reached 30 thousand dollars per loophole.
Google also expanded the security rewards program for Google Play to include applications that have more than 100 million installations,
and during the second half of the year alone, it paid $ 650,000 in rewards.
In addition to these rewards, there is a million-dollar prize for those who discover a series of loopholes that are linked together and allow remote control of the Android system.
Since 2010, we have expanded our VRPs to cover additional Google product areas, including Chrome, Android, and most recently Abuse. We’ve also expanded to cover popular third party apps on Google Play,
helping identify and disclose vulnerabilities to impacted app developers. Since then we have paid out more than $21 million in rewards*.
As we have done in years past, we are sharing our 2019 Year in Review across these programs.