Android Police

bug bounty


Google celebrates 10 years of bugs, and 10 years of paying people to find them

With leaderboards, badges, swag, and educational resources for the bug bounty program

Google launched its bug bounty program more than ten years ago now, and it's safe to say it's been a big success. Last year alone, the company paid out a whopping $6.7 million to independent researchers who discovered issues with its products. As it heads into its second decade, Google's Vulnerability Rewards Program (or VRP) has shared some details surrounding its accomplishments, along with a major reinvention of the entire platform.

Google, like many big tech companies, runs a bug bounty program that allows independent researchers (and anyone, really) to spot issues, submit details, and get some money for their trouble. Google even publishes its numbers yearly as proof of the cash being doled out, and the company just published its 2020 numbers.

Last year, Google seriously stepped up the payouts and categories for its bug bounty programs, and that investment appears to be paying dividends — not just for Google, but for security researchers, too. The company is currently celebrating its most prolific payouts ever for the Vulnerability Reward Program (read: Google's bug bounty), handing out over $6.5 million in rewards. Google claims this is twice as much as the company has ever given out in a previous year — not quite true according to 2018's numbers.

For all the incredible things technology has enabled us to do — especially over the last decade — the code that powers it isn't perfect. Features break, hackers exploit vulnerabilities, and scammers manipulate users for access to personal data. To help combat the digital threats that could impede its devices, OnePlus is launching its own two-stage bug bounty program.

OnePlus just published a recap of its second "Open Ears Forum" from all the way back in May. At the event, it gathered a handful of developers and fans central to the OnePlus community to solicit their feedback. Four months later, the company has revealed a set of changes influenced by that feedback, including more timely kernel sources for Open Betas and a new bounty program for reporting vulnerabilities. Most importantly for customers, though, OnePlus has promised to finally fix how aggressive its software is at killing apps in the background.

Google has long maintained various reward programs for its own apps and services like Chrome and Android. However, most independent developers can't afford to run a similar program. Today, Google is stepping in to support Android app security with the Google Play Security Rewards Program. It's like Google's bug bounties, but for third-party apps.

Most major tech companies offer 'bug bounties' for major security flaws found in their products. For Google, a company dedicated to cloud services and internet-connected hardware, the bounties ensure its products are as safe as possible. Now Google is increasing the rewards for certain vulnerabilities.

If you want to find weaknesses in your vault or safe, it couldn't hurt to hire a thief to try and break into it. If you want to do the same thing for your brand new system-on-a-chip, the same principle applies to hackers and security experts. So goes the thinking behind Qualcomm's latest outreach to the security industry: a bug bounty program offering prizes of up to $15,000 for disclosed vulnerabilities in the company's Snapdragon chipsets and LTE modems.