Tech companies paying hackers to find potential vulnerabilities in their systems might sound like fiction to some people, but Google engineers see it differently. Many companies think that paying hackers is not a bad thing as long as they are on our side. Likewise, Google revealed that it paid $6.5 million last year to researchers who diagnosed a vulnerability. This amount is almost double the $3.4 million that the Alphabet subsidiary paid last year.
Google’s Vulnerability Reward Programs (VRP) were created to reward researchers for protecting users from security bugs missed during development by Google engineers. These programs also give hackers an alternative, legal path to earn money straight from Google itself, thus reducing the chances of exploitation by third parties. It is also more cost-effective to reward hackers beforehand than to deal with a full-on attack.
Since November 2010, when VRP was launched, it has expanded to cover additional Google product areas, including Chrome, Android, and most recently Abuse. The Google Play Security Reward Program was extended to any app with over 100 million installs. A year ago, it was limited to only the top eight apps. This resulted in over $650,000 in rewards in the second half of 2019. This program helps developers of third-party apps on Google Play to identify and disclose vulnerabilities.
Since the launch of the Vulnerability Reward Program, Google has paid out more than $21 million in rewards.
When it comes to Chrome’s VRP, Google paid nearly a million dollars last year to bug reporters. Google increased its reward payouts for Chrome by tripling the maximum baseline reward amount from $5,000 to $15,000 and increasing the maximum reward amount from $15,000 to $30,000 for high-quality reports.
Now let’s talk about Android Security Rewards, where Google spent $1.9 million last year as a result of the addition of new exploit categories and higher rewards. The top prize is now $1 million for a full-chain remote code execution exploit on Pixel devices. The good news doesn’t stop here: according to Google, if someone achieves that exploit on specific developer preview versions of Android, a 50% bonus will be added, making the top prize $1.5 million.
It seems that paying hackers is not a bad strategy after all. This is why Tesla is offering $500,000 to anyone who can hack its Model 3, and Apple’s bug bounty program offers up to $1 million to iPhone hackers.