It’s not just hackers who can rake in big bucks from flaws and vulnerabilities. They can also be profitable for the more benevolent people who participate in the tech giants’ bug hunting.
In 2021 alone, Google paid almost $9 million to researchers in its VRP program (Vulnerability Reward Programs).
Almost $9 million paid to researchers
Faced with growing threats, the sums paid to vulnerability hunters are constantly increasing. In 2021 alone, Google paid them 8.7 million dollars (7.6 million euros), or 2 million more than the previous year. The 696 researchers rewarded for discovering bugs and software flaws on Android, Google Chrome and the brand’s other web services have also donated $300,000 of this amount to charities of their choice.
Of this total amount, almost $3.3 million has been allocated to Chrome vulnerabilities, of which $3.1 million relates to the web browser and $250,000 to Chrome OS. Next comes Android with $2.9 million paid out to contributors (compared to $1.74 million in 2020). However, some faults yield more others. A report of a major Android flaw turned into a nice $157,000 check for one of the hunters. On the side of Chrome OS the best bonus was 45,000 dollars and 27,000 dollars on Chrome. If 2021 will have been prolific for security researchers, Google is proud that no one has pocketed the $ 1.5 million reward that will be paid to anyone who faults their Titan-M security chip, present in Pixel smartphones.
Source: 9to5Google
11