Mobile apps developed by Google now included in its Vulnerability Reward Program.
Google last year doled out more than $1.5 million to security researchers who rooted out vulnerabilities in its open-source software and web services.
The search engine giant today released a 2014 postmortem of its Security Reward Programs, which includes its Vulnerability Reward Program. The top-dollar reward of 2014 went to George Hotz, who earned a $150,000 reward from Google for finding flaws in the Chrome operating system. Hotz was later hired as an intern with the Project Zero team at Google.
Google last year awarded bug bounties for more than 500 vulnerabilities found by some 200 security researchers. "For Chrome, more than half of all rewarded reports for 2014 were in developer and beta versions," Google security engineer Eduardo Vela Nava wrote in a blog post today. "We were able to squash bugs before they could reach our main user population."
And now mobile apps are up for grabs as well: any Google-developed mobile apps on Google Play and iTunes are now part of the Vulnerability Reward Program.
Google also has rolled out an experimental research grant program to help researchers offset the cost of the increasingly more difficult task of finding serious bugs. "These are up-front awards that we will provide to researchers before they ever submit a bug," Vela Nava says.
The company will designate which types of vulnerabilities and which products and services are eligible for the grants, which could be as high as $3,133.70. "We'll award grants immediately before research begins, with no strings attached. Researchers then pursue the research they applied for, as usual," according to Vela Nava.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024