The Google Bounty program provides financial compensation to people who find vulnerabilities. The program had a record payout in 2019. With over 6.5 million dollars (5.9 million euros) in payouts, Google had to pay out twice as much as in 2018.
The Google Vulnerability Reward Program (VRP) was created ten years ago. With it, Google made it possible for experts to make money by detecting vulnerabilities so that Google can patch them. The compensation is meant to prevent malicious parties from finding a vulnerability and exploiting it.
In ten years, Google has paid out over 21 million dollars, with more than a quarter of that amount in 2019. In total, 461 researchers got paid for finding vulnerabilities, with the largest payout going to Guang Gong of Alpha Lab. The expert found a vulnerability in the Pixel 3 smartphone and received no less than 200,000 dollars. The largest part came from the Android Security Reward program (over one hundred and sixty thousand dollars); 40,000 dollars came from the Chrome Rewards Program.
Google increases payouts
The amount of 200,000 dollars is a nice payout, but Google will increase the amounts that can be earned. Researchers who find a vulnerability in the Titan M security chip that can be used to bypass the chip will receive as much as a million dollars. Those who find vulnerabilities in the preview versions (for developers) of Android can count on a 50 per cent bonus. So if you find a Titan M vulnerability in the preview build of the OS, you can expect a considerable 1.5 million dollars.
The extra-high reward for finding vulnerabilities in the Titan M chip is not surprising. Since the chip was named the strongest integrated security method in 2019, Google needs to retain that title.