
SoylentNews is people

posted by mrpg on Thursday February 08 2018, @04:07PM
from the give-1000-please dept.

Bug bounty programs are designed to sic security researchers on software and pay them to find vulnerabilities and report back to the sponsor. In return, the researchers are richly rewarded for their findings. In fact, Google's bug bounty paid out a hefty $2.9 million in bug bounties in 2017.

Rewards can range from $500 to $100,000 or more depending on the type of bug and the amount of time spent. There are a number of programs, including the Vulnerability Research Grants Program and Patch Rewards Program. The former paid out a total of $125,000 to 50 researchers around the world in 2017, while the latter paid a total of $50,000 to improve security in open-source software.

The largest award of the year was $112,500, a nice chunk of change, for tracking down a Pixel phone exploit as part of the Android Security Rewards Program. This is serious money, and bug bounty hunters serve a key role in the software security ecosystem, helping to ferret out some of the worst vulnerabilities before hackers can exploit them.

Source: TechCrunch


  • (Score: 0) by Anonymous Coward on Thursday February 08 2018, @06:30PM (#635095)

    These same exploits are worth ten times more at the least. Why would you choose to cooperate with the enemies of life (Google/Doubleclick and their handler, the American state), when the alternative is more profitable?

    Hopefully they only sold the weak and lame ones, and kept the best for themselves.