Google paid more than $6.7 million (nearly Rs 49 crore) to 662 security researchers from 62 countries for spotting vulnerabilities in Google products last year. The figure was up from $6.5 million the tech giant paid in bug bounty rewards in 2019.
“The incredibly hard work, dedication, and expertise of our researchers in 2020 resulted in a record-breaking payout of over $6.7 million in rewards, with an additional $280,000 given to charity,” Google has said in a statement. In the Android Vulnerability Reward Programme (VRP), Google paid out $1.74 million in rewards. “Following our increase in exploit payouts in November 2019, we received a record 13 working exploit submissions in 2020, representing over $1 million in exploit reward payouts,” the company said.
In Chrome, Google increased reward amounts in July 2019 and as a result, “2020 has seen us pay out 83 per cent more than 2019, totalling $2.1 million across 300 bugs”. In Google Play, Google expanded the criteria for qualifying Android apps to include apps utilising the Exposure Notification API and performing contact tracing to help combat Covid-19. Besides reward payouts, Google also awarded over $400,000 in grants to more than 180 security researchers around the world last year, and they submitted 200 bug reports that yielded 100 confirmed vulnerabilities in Google products and the open-source ecosystem.