More than $ 6,5 million has been paid by Google to investigators for reporting security bugs. The payments were made for the year 2019 and are part of the company's Vulnerability Reward Program (VRP).
Rewards paid for errors and disclosed through Google VRP range from $ 100 to $ 31.337, which can increase dramatically for exploit chains.
An example is his case Alpha Lab Guang Gong which raised $ 201.337 for an exploit chain that executed code remotely on Pixel 3 devices.
The amount paid as his rewards VRP program by Google, almost doubled for 2019 compared to the $ 3,4 million paid respectively in 2018 or the total amount paid each year since the program began in 2010.
Η Google has expanded the VRP program and now covers almost all the products της. Επιβραβεύει χρηματικά όσους ανακαλύψουν ευπάθειες στο Chrome, στο Android, στις πιο δημοφιλείς applications third party on Google Play etc.
In total, the company paid 461 security investigators during 2019, with Gong's reward being the largest single payment ever made.
Over the past 9 years, the company has rewarded researchers with approximately $ 15 million for vulnerabilities reported through the VRP program.