More than 6,5 millions dollars paid by Google to researchers for reporting security bugs. The payments were made for the year 2019 and are under the company's Vulnerability Reward Program (VRP).
The reward amounts paid for bugs, disclosed through Google's VRP, range from $100 to $31.337, which can increase dramatically for exploit chains (chain farms).
An example is his case Alpha Lab Guang Gong which raised $ 201.337 for an exploit chain that executed code remotely on Pixel 3 devices.
The amount paid as his rewards VRP program by Google, almost doubled for 2019 compared to the $ 3,4 million paid respectively in 2018 or the total amount paid each year since the program began in 2010.
Η Google has expanded the VRP program and now covers almost all of its products. It rewards those who discover vulnerabilities in Chrome, at Android, στις πιο δημοφιλείς applications third party on Google Play etc.
In total, the company paid 461 security investigators during 2019, with Gong's reward being the largest single payment ever made.
Over the past 9 years, the company has rewarded researchers with approximately $ 15 million for vulnerabilities reported through the VRP program.