Stories
Slash Boxes
Comments

SoylentNews is people

Google's Bug Bounty Programs Paid Out Almost $3M in 2017

posted by mrpg on Thursday February 08 2018, @04:07PM   Printer-friendly
from the give-1000-please dept.

Fnord666 writes:

Bug bounty programs are designed to sic security researchers on software and pay them to find vulnerabilities and report back to the sponsor. In return, the researchers are richly rewarded for their findings. In fact, Google's bug bounty paid out a hefty $2.9 million in bug bounties in 2017.

Rewards can range from $500 to $100,000 or more depending on the type of bug and the amount of time spent. There are a number of programs, including the Vulnerability Research Grants Program and Patch Rewards Program. The former paid out a total of $125,000 to 50 researchers around the world in 2017, while the latter paid a total of $50,000 to improve security in open-source software.

The largest award of the year was $112,500, a nice chunk of change, for tracking down a Pixel phone exploit as part of the Android Security Rewards Program. This is serious money, and bug bounty hunters serve a key role in the software security ecosystem, helping to ferret out some of the worst vulnerabilities before hackers can exploit them.

Source: TechCrunch

Original Submission

 
This discussion has been archived. No new comments can be posted.
Google's Bug Bounty Programs Paid Out Almost $3M in 2017 | Log In/Create an Account | Top | 13 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Touché) by MichaelDavidCrawford on Thursday February 08 2018, @05:22PM (3 children)

    by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Thursday February 08 2018, @05:22PM (#635038) Homepage Journal

    By reporting security holes these alleged researchers deny important tools to America's intelligence agencies. By giving aid and comfort to the enemy they commit treason and therefore should face the firing squad

    --
    Yes I Have No Bananas. [gofundme.com]
    Starting Score:    1  point
    Moderation   +1  
       Touché=1, Total=1
    Extra 'Touché' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 2) by DannyB on Thursday February 08 2018, @06:36PM (1 child)

    by DannyB (5839) Subscriber Badge on Thursday February 08 2018, @06:36PM (#635102) Journal

    By reporting security holes these alleged researchers deny important tools to America's intelligence agencies.

    They should be a hero for that.

    Publishing a vulnerability protects our country. Mass economic damage could arise to the level of a national security issue.

    Doesn't NSA have two missions? Tap enemy signals. Protect our own signals.

    By publishing you just helped in that 2nd mission.

    The truly observant might notice that techniques to achieve both of NSA's two missions are in direct conflict. Anything that helps one of the missions hinders the other. A masterpiece of insanity. Something only the government could achieve.

    --
    The lower I set my standards the more accomplishments I have.

  • (Score: 0) by Anonymous Coward on Thursday February 08 2018, @07:15PM

    by Anonymous Coward on Thursday February 08 2018, @07:15PM (#635132)

    Without those tools, our government makes mistakes that are bigger and more frequent. It is really important to know what is going on around the world.

    I work on this. (BTW, we're hiring low-level hackers) It feels great to support America.