Google paid $ 3.4 million in bonuses for security flaws discovered in 2018

In a statement released on February 11, Google said that by the end of last year, they had spent huge amounts of money, up to more than $ 15 million in bonuses for the payout program. security error (applied since November 2010).Accordingly, in 2018 alone, the company awarded more than $ 3.4 million to 317 security researchers with security holes on the Google service they discovered, slightly up from the figure. $ 2.9 million that the company gave 274 researchers in 2017. Especially last year, Google awarded half of the awards - $ 1.7 million to researchers who found and reported losses Security flaws appear in Android and Chrome.

Google paid $ 3.4 million in bonuses for security flaws discovered in 2018 Picture 1

1. Has Google solved the "gluttonous" RAM problem of Chrome browser?

The bonus program for detecting security flaws is a great idea, contributing to helping service providers utilize resources from the community to improve their products.It can be said that this is a kind of civilized cooperation, mutually beneficial.Specifically, this program will help motivate individuals and groups of hackers to not only find security holes, but also reveal how to exploit or fix these vulnerabilities properly, instead of take advantage of them for personal gain, violate the law or, worse, sell them to black organizations.In general, the cost of rewarding security researchers is often nothing compared to damage as well as the amount of money spent to fix the consequences that the vulnerability causes.

Google's bonus for security flaws ranges from $ 100 to $ 200,000, based on the level of risk and severity that the vulnerability could cause.In 2018, the biggest bonus for a security bug was found at $ 41,000.

In its announcement, Google also shared three interesting stories that were recorded in the bonus program that discovered its security flaws as follows:

1. Ezequiel Pereira, a young researcher (19) from Uruguay, discovered that Remote Code Execution (RCE) allowed him to access the remote Google Cloud Platform control panel.
2. Tomasz Bojarski of Poland discovered a cross-site scripting - XSS error.This type of security error can allow an attacker to change the behavior or appearance of the site, steal private data or perform actions on behalf of the user without permission from them. .In particular, Tomasz Bojarski is also known as a leading "hunter" security bug of Google.He used all his bonuses in 2018 to open a motel and small business restaurant.
3. Dzmitry Lukyanenka, an amateur security expert from Minsk, Belarus, was awarded 1,337 USD for discovering many small errors.After losing his job, he began spending his free time hunting for security holes, and gradually became part of Google's VRP program, a program that provides Financial support solutions for error-free full-time bug hunters, even if they don't find any errors.

Google paid $ 3.4 million in bonuses for security flaws discovered in 2018 Picture 2

1. Google will start deleting photos, comments, pages and more on Google+ from April

Google's bonus security bug hunting program has grown very quickly and has received a positive response from users since it officially went into operation more than 7 years ago, as evidenced by the daily bonus The increase is increased after each year.

The Google security group will not continue to extend the program to more service platforms, and will also offer more attractive bonuses, such as a bonus of up to $ 100,000 for Who hacked successfully Chromebook and $ 200,000 if successfully hacked Android.

Google paid $ 3.4 million in bonuses for security flaws discovered in 2018 Picture 3

In November last year, Google announced security and privacy research awards to recognize the achievements of scholars who have made a major contribution to the field through research projects. their.On behalf of scholars, Google is also a unit that provides financial support to universities to promote the development of security research with a total value of more than $ 500,000.

1. Google launches a "god" Password Checkup utility that makes your passwords more secure