More than $ 6,5 million has been paid by Google to investigators for reporting security bugs. The payments were made for the year 2019 and are part of the company's Vulnerability Reward Program (VRP).
Rewards paid for errors and disclosed through Google VRP range from $ 100 to $ 31.337, which can increase dramatically for exploit chains.
An example is his case Alpha Lab Guang Gong which raised $ 201.337 for an exploit chain that executed code remotely on Pixel 3 devices.
The amount paid as his rewards VRP program by Google, almost doubled for 2019 compared to the $ 3,4 million paid respectively in 2018 or the total amount paid each year since the program began in 2010.
Η Google has expanded the VRP program and now covers almost all of its products. Rewards those who discover vulnerabilities in Chrome, Android, the most popular third-party applications on Google Play, etc.
In total, the company paid 461 security investigators during 2019, with Gong's reward being the largest single payment ever made.
Over the past 9 years, the company has rewarded researchers with approximately $ 15 million for vulnerabilities reported through the VRP program.