Google Paid Over $1.5 Million In Bug Bounties In 2014

Mobile apps developed by Google now included in its Vulnerability Reward Program.

Dark Reading Staff, Dark Reading

January 31, 2015

1 Min Read
Dark Reading logo in a gray background | Dark Reading

Google last year doled out more than $1.5 million to security researchers who rooted out vulnerabilities in its open-source software and web services.

The search engine giant today released a 2014 postmortem of its Security Reward Programs, which includes its Vulnerability Reward Program. The top-dollar reward of 2014 went to George Hotz, who earned a $150,000 reward from Google for finding flaws in the Chrome operating system. Hotz was later hired as an intern with the Project Zero team at Google.

Google last year awarded bug bounties for more than 500 vulnerabilities found by some 200 security researchers. "For Chrome, more than half of all rewarded reports for 2014 were in developer and beta versions," Google security engineer Eduardo Vela Nava wrote in a blog post today. "We were able to squash bugs before they could reach our main user population."

And now mobile apps are up for grabs as well: any Google-developed mobile apps on Google Play and iTunes are now part of the Vulnerability Reward Program.

Google also has rolled out an experimental research grant program to help researchers offset the cost of the increasingly more difficult task of finding serious bugs. "These are up-front awards that we will provide to researchers before they ever submit a bug," Vela Nava says.

The company will designate which types of vulnerabilities and which products and services are eligible for the grants, which could be as high as $3,133.70. "We'll award grants immediately before research begins, with no strings attached. Researchers then pursue the research they applied for, as usual," according to Vela Nava.  

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights