Bugs cost Google $2.9 mln in 2017 – News


Google said on Wednesday that it had paid out US $2.9 million in 2017 as part of its bug bounty program that rewards researchers for their vulnerability reports. Since launching the program in November 2010, Google said it has paid out almost $12 million to security researchers.

Here’s what it said in its official blog post:

2017, By the Numbers

Here’s an overview of how we rewarded researchers for their reports to us in 2017:

We awarded researchers more than 1 million dollars for vulnerabilities they found and reported in Google products, and a similar amount for Android as well. Combined with our Chrome awards, we awarded nearly 3 million dollars to researchers for their reports last year, overall.

Drilling down a bit further, we awarded $125,000 to more than 50 security researchers from all around the world through our Vulnerability Research Grants Program, and $50,000 to the hard-working folks who improve the security of open-source software as part of our Patch Rewards Program.