Google has spent $2 million in bug bounty rewards over three years

Google has announced that it has doled out $2 million in three years as rewards to security researchers for reporting more than 2,000 bugs using the Internet giant’s multiple bug bounty programs.

The company launched its Chromium and Google Web Vulnerability Reward Programs three years ago with the intention of protecting its users as well as maintaining a good rapport with security researchers, wrote Chris Evans and Adam Mein in a blog post. The company has rewarded security researchers with over $2 million – a million dollars more than what Facebook has spent on its year-old program – within three years.

Google doles out money to security researchers (Image credit: Getty Images)

The breakdown splits the amount right down the middle for the Chromium VRP/ Pwnium rewards and for the Google Web VRP rewards. The company also announced that it was stepping up the bug hunting game now. Previously, if hunting a bug earned you $1,000, you would stand to receive $5,000 now. Essentially, Google is increasing the reward amount by up to five times for spotting bugs. Google also has better plans, “We’ll issue higher rewards for bugs we believe present a more significant threat to user safety, and when the researcher provides an accurate analysis of exploitability and severity,” the duo wrote in the blog. “We will continue to pay previously announced bonuses on top, such as those for providing a patch or finding an issue in a critical piece of open source software.”

Having a fund just for bug bounties seem to be the great new way for Internet powerhouses like Facebook and Twitter. Sites like these are constantly struggling with niggles – both big and small – and try as much as they can; the in-house security team can never spot and fix all these problems. The White Hats enter the picture here. Ethical hackers who’re either regular on the site or are like the assassins-on-hire of the Internet era can help these companies spot and fix potentially damaging bugs, for a price.

Facebook too has an ultra successful bug bounty project that has seen $1 million being rewarded to researchers across the globe. India ranks high on the charts of countries that are reporting most bugs and taking a shot at these reward amounts.