How to know, Google is actively motivate third-party researchers in the field of information technology security to search and the company’s operating systems. 2016 became one of the most generous in the payment: Google spent on remuneration of $ 3 million – a third of the total amount of $ 9 million, which was paid to the participants since the program Vulnerability Rewards Program in 2010. In the last step 350 participants received individual grants of $ 1000, the size of the largest reward was $ 100 000. By the way, in March of 2016 Google has doubled the prize for hacking Chrome OS from $ 50,000 to $ 100,000, but he did not find its owner.
The main objective remains the Google Android mobile operating system increased safety.
“We have noted an amazing contribution to Android researchers around the world in less than a year after Android debut in VRP program. We have also expanded the payment of grants for increasing safety in products OnHub and Nest. We have increased our presence in the worldwide events, including the Pwn2Own and Pwnfest. a more detailed description of the vulnerabilities presented at these events enabled us to quickly release the necessary corrections to the ecosystem and to ensure the safety of customers, for example, we were able to close a vulnerability in Chrome in a few days after receiving the information about it. “- said in the Google security Blog.
Here are a few examples of the major benefits of Google discovered vulnerabilities in 2016:
- Tomasts Bojarski received an award in the amount of $ 3134 for discovering vulnerabilities events.google.com site. According to Boyarsky, he searched Google exploits for three years for his own amusement. And perhaps fame.
- Byte overflow vulnerability in the DNS library Chrome OS, detailed in Project Zero blog.
The annual report says that the number of security researchers from India is going through a big leap. One of the regular participants in the program pay for discovered vulnerabilities managed so even sponsor their own startup.