Google just announced that it dished out more than $US1.5 million last year to “white hat” hackers who helped the company find security vulnerabilities in its products.
The company started its Security Rewards Program in 2010 to encourage security researchers to search for and report bugs and security flaws.
That big payout went to more than 200 different researchers, Google says, with the largest single sum — $US150,000 — going to a 17-year-old who found and fixed some Google Chrome security issues. He ended up joining Google as an intern in its Project Zero security division after reporting the project.
Google’s bug-finding initiative recently drew fire from Microsoft after Google exposed a security bug in Windows 8 before Microsoft had a chance to patch it. Google’s Project Zero has a strict 90-day “fix it or we’ll disclose it” policy, but Microsoft wanted to put the fix out as part of its monthly “Patch Tuesday,” which delivers fixes to enterprise customers on a predictable schedule.
Google isn’t the only major tech company that rewards reported bugs. High-tech “bounty hunters” can get money from Facebook, Twitter, and Mozilla, all of which offer similar programs.
Google also announced a new initiative it’s calling “Vulnerability Research Grants.”
Because bugs are getting increasingly difficult to find, the goal of the grants is to give researchers a way to spend a lot of time and effort searching for problems without feeling like they wasted their time. Hackers can apply for grants of up to $US3,133.70 (it’s a hacker joke).