The company has paid out over $4 million in bug bounties since the program’s inception

Now into its fifth year, Google’s bug bounty program has already seen the search engine giant pay security researchers in excess of $4 million for identifying security vulnerabilities in its various products. And according to a recent post on the company’s Online Security Blog, over $1.5 million was paid out in 2014 alone, with the largest single reward during the year being a whopping $150,000. Still not impressed? Well, neither is Google.
The company is expanding the scope of its Vulnerability Reward Program to include all mobile apps it develops for Android and iOS, Eduardo Vela Nava, a security engineer at Google, announced in a blog post Friday.
But in even bigger news, the company has announced a new, experimental Vulnerability Research Grants program under which it will give security researchers upfront grants of up to $3,133.70 to carry out security research on “newly launched features and products.”
“The program is intended for our top performing, frequent vulnerability researchers as well as invited experts, and we hope it will allow us to reward the security researchers' time and attention including the situations when they don't find any vulnerabilities,” reads the Vulnerability Research Grants rules page. “If, as a result of the grant, a vulnerability is found, then it will also be eligible for a reward under our Vulnerability Reward Program.
“Aimed at rewarding researchers looking for new research targets, and curious on what was recently launched by Google. Note the Google product security team reviews new products and services before launch, but we want to support external research and scrutiny.”
Follow Pulkit on Google+
