Google has reported the results of its bug bounty program for 2019. Last year turned out to be a record: Google doubled the amount paid to researchers for the vulnerabilities they discovered, paying out more than 6.5 million US dollars in total for various bugs.
Let me remind you that Google's vulnerability reward program has been running for 10 years. In total, the company has spent more than $21 million on rewards during this time.
In 2019, more than 460 researchers from around the world took part in Google's bug bounty program, and the largest payout was $201,337. This generous reward went to an Alpha Lab specialist who discovered an exploit chain that could lead to remote code execution on a Pixel 3 device in one click.
Overall, the millions paid to researchers were fairly evenly distributed among Google's various programs. $2.1 million was paid out through the main Google Vulnerability Reward Program (VRP); the Android rewards program cost the company another $1.9 million; vulnerabilities in Chrome earned researchers a total of $1 million; and another $800,000 was paid through the Google Play Security Reward Program.
Let me remind you that last year the company expanded its bug bounty program and increased the size of its rewards. For example, researchers can now earn money by detecting abuse of user data, and compromising the Titan M security module (used in the Google Pixel 3 and Pixel 4) can bring in up to one and a half million dollars.