In 2015 alone, the company paid more than 300 different security researchers over USD 2 million for finding more than 750 bugs.
Bug bounty programs are an excellent addition to existing internal security programs. They help motivate individuals and groups of hackers not only to find flaws, but to disclose them properly when they do, instead of using them maliciously or selling them to parties that will.
Google’s bug bounty program has been growing since its inception. The company has paid out more money and fixed more bugs every year since its debut. In response, Google’s security team has expanded the program time and time again to encompass more products and offer more lucrative rewards.
In January 2015, Google expanded the scope to include its Android and iOS mobile apps and began offering security grants (up-front awards before security researchers ever submit a bug). In June 2015, Google started awarding security rewards for Android devices. By the end of 2015, Google said it had already paid more than USD 200,000 to researchers for their work, including the company’s largest single payment: USD 37,500.