Google paid $3.4 million in bonuses for security flaws discovered in 2018
In a statement released on February 11, Google said that by the end of last year it had paid out more than $15 million in bonuses under its security bug bounty program (in place since November 2010). In 2018 alone, the company awarded more than $3.4 million to 317 security researchers for security holes they discovered in Google services, slightly up from the $2.9 million that the company gave 274 researchers in 2017. Notably, last year Google awarded half of that amount, $1.7 million, to researchers who found and reported security flaws in Android and Chrome.
A bonus program for detecting security flaws is a great idea that helps service providers draw on resources from the community to improve their products. It can be said that this is a civilized, mutually beneficial form of cooperation. Specifically, such a program motivates individuals and groups of hackers not only to find security holes, but also to properly disclose how these vulnerabilities can be exploited or fixed, instead of taking advantage of them for personal gain, violating the law or, worse, selling them to black-market organizations. In general, the cost of rewarding security researchers is often nothing compared to the damage a vulnerability causes and the amount of money spent to fix its consequences.
Google's bonus for security flaws ranges from $100 to $200,000, based on the level of risk and severity that the vulnerability could cause. In 2018, the biggest bonus for a single security bug was $41,000.
In its announcement, Google also shared three interesting stories from its security bug bounty program:
- Ezequiel Pereira, a young researcher (19) from Uruguay, discovered a Remote Code Execution (RCE) flaw that allowed him to access the Google Cloud Platform control panel remotely.
- Tomasz Bojarski of Poland discovered a cross-site scripting (XSS) error. This type of security error can allow an attacker to change the behavior or appearance of a site, steal private data or perform actions on behalf of users without their permission. Tomasz Bojarski is also known as a leading Google security bug "hunter". He used all his bonuses in 2018 to open a motel and a small restaurant business.
- Dzmitry Lukyanenka, an amateur security expert from Minsk, Belarus, was awarded 1,337 USD for discovering many small errors. After losing his job, he began spending his free time hunting for security holes, and gradually became part of Google's VRP program, a program that provides financial support to full-time bug hunters, even if they don't find any errors.
Google's security bug bounty program has grown very quickly and has received a positive response from users since it officially went into operation more than 7 years ago, as evidenced by bonus totals that increase year after year.
The Google security group will not only continue to extend the program to more service platforms, but will also offer more attractive bonuses, such as a bonus of up to $100,000 for anyone who successfully hacks a Chromebook and $200,000 for successfully hacking Android.
In November last year, Google announced security and privacy research awards to recognize the achievements of scholars who have made a major contribution to the field through their research projects. On behalf of scholars, Google also provides financial support to universities to promote the development of security research, with a total value of more than $500,000.