Google Vulnerability Rewards Program Is Paying More For Android Security Bugs

Last year, Google Vulnerability Rewards Program paid researchers increased rewards up to a total amount of $550,000 for Android security bugs.

The Android Security website page presents a full list of rewards received. According to 9To5Google, last year a total of 82 researches have submitted over 250 qualifying vulnerability reports.  

This resulted in an average of $6,700 per researcher and $2,200 per reward. In the same period, 15 researchers received $10,000 or more and the top researcher earned $75,750 for 26 vulnerability submissions.

Over a third of the submitted reports concerned the playback Media Server that led to Stagefright. These reports were related to the code of third-party OEMs, such as device drivers and kernel bugs. 

There were no payouts for the top reward, that is related to the Verified Boot or the TrustZone exploits. Since then, Google has taken a number of to make the Android N more secure.

According to Android Headlines, the Vulnerability Rewards Program was launched by Google back in 2010. This program rewarded researchers for founding any bugs in Google's services and apps.

Google expanded its program in the year 2015 to include Android. And now, in order to attract more researchers to find vulnerabilities, Google has decided to increase the rewards.

The reward offered by the company for the remote exploit chain or exploits leading to Verified Boot or TrustZone compromise is now $50,000, increasing with $20,000 from the $30,000 previously offered. Google will also pay the researcher 33 percent more for every high-quality vulnerability report with proof of concept.

The company has also increased rewards for a proximal or remote kernel exploit to $30,000 from $20,000. Researchers will receive an additional 50 percent more on top of that, if they submit a CTS Test, a high quality vulnerability report with a proof of concept or a patch.

Google is making clear with the increase of the amount is willing to pay that it wants researchers to focus more on finding and reporting bugs in Android. The company aims to ensure that safety and security of Android is improved.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

Company from iTechPost

More from iTechPost