Our Vulnerability Incentive Programs were created to incentive researchers for protecting customers by telling us concerning the security bugs they discover. Their discoveries help keep our own users, and the internet in particular, safe. We look forward to much more collaboration in 2020 plus beyond.
2019 has been another record-breaking 12 months for us, thanks to our experts! We paid out over $6. 5 million in benefits, doubling what we’ve actually paid in a single year. Simultaneously our researchers decided to contribute an all-time-high of $250, 000 to charity this season. That’s 5x the amount we now have ever previously donated in one year. Thanks so much for the hard work and generous providing!
Since the year 2010, we have expanded our VRPs to cover additional Google item areas, including Chrome, Google android, and most recently Abuse. Coming from also expanded to cover well-known third party apps on Google Perform, helping identify and reveal vulnerabilities to impacted application developers. Since then we have paid more than $21 million within rewards*. As we have done in many years past, we are sharing the 2019 Year in Review throughout these programs.
What’s changed previously year?
- Chrome’s VRP increased its reward pay-out odds by tripling the maximum primary reward amount from $5, 000 to $15, 500 and doubling the maximum prize amount for high quality reviews from $15, 000 in order to $30, 000. The additional reward given to bugs found simply by fuzzers running under the Chromium Fuzzer Program is also duplicity to $1, 000. More information can be found in their program rules web page .
- Android os Security Rewards expanded the program with new take advantage of categories and higher advantages. The top prize is now $1,000,000 for a full chain remote control code execution exploit along with persistence which compromises the particular Titan M secure component on Pixel devices. And when you achieve that exploit upon specific developer preview variations of Android, we’re including in a 50% bonus, the top prize $1. five million. See our program guidelines page for more information around our new make use of categories and rewards.
- Abuse VRP involved in outreach and education to improve researchers awareness about the system, presenting an overview of our Misuse program in Australia, Malaysia, Vietnam, the UK and US.
- The Google Play Protection Reward Program expanded scope to any software with over 100 mil installs, resulting in over 650 dollar, 000 in rewards within the second half of 2019.
- The Developer Data Safety Reward Program was launched in 2019 to recognize and mitigate data misuse issues in Android applications, OAuth projects, and Stainless- extensions.
*The total quantity was updated on The month of january 28; it previously stated we paid out more than $15 million in rewards.