Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Google Paid Out $3.4 Million for Vulnerabilities Reported in 2018

Google revealed recently that it paid out a total of $3.4 million for flaws reported in 2018 by researchers through its Vulnerability Reward Program (VRP).

The $3.4 million was awarded for 1,319 reports submitted by 317 researchers from 78 countries. The largest single reward was $41,000 and $181,000 were donated to charity, the company said.

Google revealed recently that it paid out a total of $3.4 million for flaws reported in 2018 by researchers through its Vulnerability Reward Program (VRP).

The $3.4 million was awarded for 1,319 reports submitted by 317 researchers from 78 countries. The largest single reward was $41,000 and $181,000 were donated to charity, the company said.

According to the Internet giant, it awarded $1.7 million for flaws affecting the Android mobile operating system and the Chrome web browser. The total paid out since the launch of the VRP in 2010 has reached $15 million.

In comparison, Google paid out a total of $2.9 million in 2017 – roughly $2.2 million for Chrome and Android weaknesses – and the single biggest reward was $112,500.

One of the researchers whose work has been highlighted by Google is 19-year-old Ezequiel Pereira from Uruguay. Pereira discovered a remote code execution vulnerability that provided remote access to the Google Cloud Platform console. This and other flaws he reported in the first months of 2018 earned the expert over $36,000.

“Tomasz Bojarski from Poland discovered a bug related to Cross-site scripting (XSS), a type of security bug that can allow an attacker to change the behavior or appearance of a website, steal private data or perform actions on behalf of someone else. Tomasz was last year’s top bug hunter and used his reward money to open a lodge and restaurant,” Google said in a blog post. “After Dzmitry Lukyanenka, a researcher from Minsk, Belarus, lost his job, he began bug-hunting full-time and became part of our VRP grants program, which provides financial support for prolific bug-hunters over time.”

The company has also announced the winners of its Security and Privacy Research Awards, a project whose goal is to recognize the contributions made by security and privacy experts in academia. Seven experts have been declared winners for 2018 and their universities will receive financial contributions totaling over half a million dollars.

Google announced a few months ago that its bug bounty program had been expanded to include techniques that can be used to bypass the company’s abuse detection systems. The rewards for these types of reports are up to $5,000.

Advertisement. Scroll to continue reading.

Related: Facebook Paid Out $1.1 Million in Bug Bounties in 2018

Related: Facebook and Google Launch Asia-Pacific Bug Hunting Conference

Related: XS-Search Flaw Found in Google’s Issue Tracker

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights