It might seem impossible but tech giants like Google pay off the big sum of money to the researchers who find a bug in their system and report it to them. Google had recently revealed that the company had paid a sum of $6.5 million to the researchers who have helped the company in fixing minor and major vulnerabilities last year. In 2018, the company claimed to have paid $3.4 million which is half the amount paid the last year.
Google created a vulnerability program known as VRP (Vulnerability Reward Program). The aim of creating the program is to reward the researchers for finding the security breach left out of the sight of Google engineers. These breaches can be very threatening and if accessed by the hacking mafia, it can cause a lot of damage. It is most effective in terms of cost to pay the researchers beforehand rather than dealing with the full-on attack later.
Initially, the VRP was launched in 2010, the program is taking slow steps towards expansion. The areas that are covered by VRP are Android, Google Chrome, and Google Play, etc. The security reward by Google play is awarded to any app that has extensive 100 million installs. At first, only the top eight apps were eligible for the program.
Till now, Google has paid over $21 million under the umbrella of this program. Last year the company paid $1 million to the researchers who pointed out a major bug in the system of Google Chrome. The payout had also been doubled from $5000 to $15000 in a short period. Google has also said to increase it to $30000 in the times to come.
The reward for android security had been $1.9 million last year. It’s a new member of the exploitation category. The reward is $1 million for a full chain remote code execution exploit on pixel devices. According to the company if an ethical hacker achieves the exploit on specific developer preview versions of Android, a 50% bonus will be added, making the top prize $1.5 million.
Besides that Apple bug bounty program is offering over $1 million to the hackers. Elon Musk had challenged the hackers out there to hack the system of Tesla’s new Model 3 car and in return, the person will be rewarded $500,000.