Finding Google bugs can be quite lucrative for researchers

Jan 31, 2017 08:48 GMT

Google’s bug bounty program rewarded hackers with $3 million throughout 2016, indicating just how important such programs are for all those involved. This way, Google’s bugs are snuffed out without being used as backdoors into their system, and hackers get to flex their muscles and get paid for doing the right thing - reporting the issues back to the mother ship.

The company’s 2016 year in review report puts the spotlight on the bug bounty program, insisting that this is a very important part of Google, especially since it is on a mission to keep its users safe. Over 350 researchers contributed to the program in 2016, and they come from all over the world, or more specifically, 59 countries.

Google's bug bounty program in 2016

In total, over 1,000 bugs were found in Google’s apps and services and reported back to Google. If you’re wondering just how profitable it can be for hackers to spend time looking for Google bugs, you should know the highest payout for a single vulnerability report was $100,000. Yes, you read that right. Given the fact that regular bugs aren’t rewarded that heftily, that particular vulnerability must have been quite an important one.

Large payouts, important bugs

By comparison, in 2015, Google paid $2 million in the bug bounty program, so last year’s $3 million represents a pretty considerable hike. This is easily explained by the fact that Google increased the minimum payout last year, in some areas even by 50%.

Google isn’t the only company that’s been known to have bug bounty programs. In fact, most companies do, and it’s clear that it can be quite lucrative even when working as a white hat hacker. Many private researchers make quite a bit of money just by looking for bugs, without taking into account the extra they make in their day jobs.

The fact that Google has spent so much to pay white hats should make you happy because that means the products you use on a daily basis are more secure because of the patched bugs. Since the program was started in 2010, Google has paid more than $9 million in rewards.
