
Thursday, 16 June 2016

Google’s Android Security Rewards has given researchers over $550,000 in 1 year

Google announced today that it has paid out more than $550,000 to 82 security researchers who have detected vulnerabilities within the Android mobile operating system. This was done under the auspices of the company’s Android Security Rewards program, which launched last year. Over 250 “qualifying” vulnerability reports were submitted to Google, with more than a third relating to Media Server, which the company said it has improved to make it more resistant to vulnerabilities. Over 25 percent of the issues received were reported in code that’s developed and used outside of the Android Open Source Project.

Out of the $550,000 dispensed, Google paid an average of $2,200 per reward and $6,700 per researcher. The highest amount, $75,750, was given to Peter Pi, who submitted 26 vulnerability reports. 15 researchers received at least $10,000 in payouts. The company revealed that the top prize for a complete remote exploit chain leading to TrustZone or Verified Boot compromise remained unclaimed.

After its inaugural year, Google has made changes that will increase the reward amounts. Specifically, the company will pay 33 percent more for high-quality vulnerability reports with proof of concept and 50 percent more with the addition of a CTS Test or a patch.

In addition, the reward for a remote or proximal kernel exploit has gone up from $20,000 to $30,000. The reward for a remote exploit chain or exploits leading to TrustZone or Verified Boot compromise is also changing, and now pays up to $50,000.

Google has always had a bug bounty, but last year it expanded it to Android in order to compensate those who find and responsibly disclose vulnerabilities in the operating system. Since 2010, it has paid security researchers more than $4 million in rewards across all its programs and is spending more every year.
