More than $6,5 million was paid by Google to researchers to report security bugs. The payments were made for the year 2019 and are under the company's Vulnerability Reward Program (VRP).
The amount of rewards paid for errorand disclosed through Google's VRP, range from $100 to $31.337, which can increase drastically for exploit chains.
An example is his case Alpha Lab Guang Gong who received $ 201.337 for an exploit chain that executed code remotely in Appliances pixel 3
The amount paid as his rewards VRP program by Google, almost doubled for 2019 compared to the $ 3,4 million paid respectively in 2018 or the total amount paid each year since the program began in 2010.
Η Google has expanded the VRP program και πλέον καλύπτει σχεδόν όλα τα προϊόντα της. Επιβραβεύει χρηματικά όσους ανακαλύψουν ευπάθειες στο Chrome, στο Android, στις πιο δημοφιλείς εφαρμογές τρίτου μέρους στο Google Play etc.
In total, the company paid 461 security investigators during 2019, with Gong's reward being the largest single payment ever made.
Over the past 9 years, the company has rewarded researchers with approximately $ 15 million for vulnerabilities reported through the VRP program.