More than $6,5 million was paid by Google to researchers for reporting security flaws. Payments were made for the year in 2019 and lie in the reward program vulnerabilityof the company (VRP).
Rewards paid for errors and disclosed through Google VRP range from $ 100 to $ 31.337, which can increase dramatically for exploit chains.
An example is his case Alpha Lab Guang Gong which raised $ 201.337 for an exploit chain that executed code remotely on Pixel 3 devices.
The amount paid as his rewards VRP program by Google, almost doubled for 2019 compared to the $ 3,4 million paid respectively in 2018 or the total amount paid each year since the program began in 2010.
Η Google has expanded the VRP program and now covers almost all of its products. It rewards those who discover it vulnerabilities στο Chrome, στο Android, στις πιο δημοφιλείς εφαρμογές τρίτου μέρους στο Google Play etc.
In total, the company paid 461 security investigators during 2019, with Gong's reward being the largest single payment ever made.
Over the past 9 years, the company has rewarded researchers with approximately $ 15 million for vulnerabilities reported through the VRP program.