2017 was a big year for security research in technology, just as it is every year. With the much publicised 'Meltdown' and 'Spectre' CPU vulnerabilities and countless other lesser-known security bugs, researchers had their work cut out uncovering these flaws before anyone with more nefarious intentions could.
Google does its bit to compensate the research community for their hard work in keeping its users protected. In a recent blog post, the company released some numbers for the 2017 Vulnerability Rewards Program while also paying tribute to the dedicated researchers. Google paid out a total of $2.9 million as part of the program, to individuals and teams in 60 different countries.
Around $1.1 million dollars each was paid for bug reports specific to Google and Android products, with Chrome awards accounting for the rest of it. More than $160,000 of all that cash made its way straight to charities. Google has paid out nearly $12 million since the program's inception in 2010, proving an ever-present commitment to security. The Vulnerability Research Grants Program alone awarded $125,000 payments to more than 50 researchers, while $50,000 each was given to open-source developers signed up to the Patch Rewards Program.
The largest single payment to an independent researcher went to Guang Gong, who received $112,500 for his discovery of a Pixel phone exploit as part of the Android Security Rewards Program. A researcher with the moniker "gzobqq" was the next best rewarded, getting $100,000 with the pwnium award for a chain of bugs in Chrome OS.
There's no doubting these researchers are worthy recipients of such rewards, and here's hoping they all continue their fine work in 2018 and beyond.
- Google Security Blog