Google last year gave out $3 million as part of its Vulnerability Rewards Program where the company pays out researchers to find, fix, and prevent vulnerabilities specifically in Android, Chrome, and other Google products and services. In a blog post, the company updated the details and said that it nearly gave Android and Chrome researchers nearly $1 million each for finding vulnerabilities.


It’s worth pointing out that Google until June 2016 paid out $550,000 to 82 researchers for submitting various Android security bugs. This means that the second half of the year saw a similar amount being paid out by Google to hit the “nearly $1 million figure for Android.”

Google also claimed that it has now rewarded over $9 million in since the program was found in 2010. The company added that nearly 1,000 individuals have been rewarded under the Vulnerability Rewards Program while over 350 researchers have been rewarded. Google also claimed that it donated over $130,000 to charity so far.

The search giant back in 2015 paid nearly $2 million to researchers for finding vulnerabilities. Google’s bounty program is a way it encourages developers or any user to find bugs in the company’s products and services, which in-turn will result in a more secure offerings.

For those unaware, the company’s bounty program for Android operating system kick started in 2015 and in June 2016, Google completed first year of Android Security Rewards.

“We saw amazing contributions from Android researchers all over the world, less than a year after Android launched its VRP. We also expanded our overall VRP to include more products, including OnHub and Nest devices. The vulnerabilities responsibly disclosed at these events enabled us to quickly provide fixes to the ecosystem and keep customers safe,” wrote Eduardo Vela Nava, VRP Technical Lead, Google.

google vulnerability program Google Vulnerability Program