Tip Us Hey you, we are hiring! Join us if you are an author, developer or designer!

Google paid over $550,000 to vulnerability researchers and Android Security Program completed its first year under VRP

18 June 2016 0

Google shares some of the interesting facts about their Android Security Rewards (ASR) program which has just completed its one year under the VRP (Vulnerability Rewards Program). Google reports that it received over 250 qualifying vulnerability reports from Android researchers during this time period. Furthermore, a total of $550,000 was paid to 82 individuals, which translates into an average of $2,200 per reward and $6,700 per researcher.

Google also enlisted the names of a top researcher who found a total of 26 vulnerability. @heisecode received $75,750 rewards for submitting these vulnerabilities. There were also a few, who received $10,000 for finding around 15 vulnerabilities.

Google said - "no payouts for the top reward for a complete remote exploit chain leading to TrustZone or Verified Boot compromise.'"

Google also shares that they have also made a few improvements to VRP. Google says that they are continuously working to improve the program. These improvements include paying high to the vulnerability researchers. For instance, the reward for a Critical vulnerability report with a proof of concept increased from $3,000 to $4,000. More improvements include -

  • A high-quality vulnerability report with a proof of concept, a CTS Test, or a patch will receive an additional 50% more.
  • We’re raising our rewards for a remote or proximal kernel exploit from $20,000 to $30,000.
  • A remote exploit chain or exploits leading to TrustZone or Verified Boot compromise increase from $30,000 to $50,000.

0

comments

Google paid over $550,000 to vulnerability researchers and Android Security Program completed its first year under VRP
Write a comment...

Google Pixel 6 is coming to at least these countries

Qualcomm says it will continue to work with Google, asserts after its stock fell

Google previews Pixel 6 and confirms custom-built SoC Tensor ahead of official debut

Motorola Edge 20 Pro, Edge 20, Edge 20 Lite are here