from the give-1000-please dept.
Bug bounty programs are designed to sic security researchers on software and pay them to find vulnerabilities and report back to the sponsor. In return, the researchers are richly rewarded for their findings. In fact, Google's bug bounty paid out a hefty $2.9 million in bug bounties in 2017.
Rewards can range from $500 to $100,000 or more depending on the type of bug and the amount of time spent. There are a number of programs, including the Vulnerability Research Grants Program and Patch Rewards Program. The former paid out a total of $125,000 to 50 researchers around the world in 2017, while the latter paid a total of $50,000 to improve security in open-source software.
The largest award of the year was $112,500, a nice chunk of change, for tracking down a Pixel phone exploit as part of the Android Security Rewards Program. This is serious money, and bug bounty hunters serve a key role in the software security ecosystem, helping to ferret out some of the worst vulnerabilities before hackers can exploit them.