Google has been rewarding for years for finding vulnerabilities in some of its products. Having started the program in November of 2010, the company has recognized that it has paid almost 12 million dollars to the researchers in information security, 2.9 million per year, according to what it showed yesterday.
Google paid a total of 274 researchers in information security last year, with one of them, Guang Gong, taking $112,500 to report a chain of exploits that could be used to compromise Pixel devices, which replaced to the Nexus and consequently tend to be the first to receive the latest updates for Android. The search engine and the mentioned operating system each generated 1.1 million dollars in rewards, while the browser, Chrome, generated the rest of the total amount given in 2017. As per report by various information security companies like WebImprints.
Another of the highlighted vulnerabilities of 2017 was discovered by a researcher acting under the pseudonym of gzobqq, who received a reward of $100,000 for a string of failures through five components that opened the door to remote code execution on Chrome. OS, the Google operating system for the desktop. For his part, Alex Birsan discovered that anyone could have access to the internal data of Google Issue Tracker, something for which he was rewarding with $15,600.
Through its Vulnerability Research Scholarship Program, the giant gave $125,000 to 50 researchers in information security from around the world, while giving another $ 50,000 to improve the security of Open Source software as part of its Patch Rewards Program. Discovering security problems that affect Android has become a priority for Google for years, so it rewarded with between 1,000 and 5,000 dollars to those who discovered remote code executions in applications hosted in the Play Store.
Although the total amount paid in 2017 may seem high, the reality is that it is slightly lower than last year, when Google paid in total 3 million dollars. On the other hand, the company has announced for this year a new category with rewards of $ 1,000 for researchers in information security that covers vulnerabilities that could end up in the theft of private data of the user, information transmitted without encryption or failures that result in access to protected components of the applications.