Google’s bug bounty program pays out $3 million, mostly for Android and Chrome exploits

If you’re willing to hunt for flaws within its vast array of software and services, Google’s happy to pay up. Over the course of its 2016 Vulnerability Rewards Program, the company paid out $3 million—a third of the total $9 million that enthusiastic researchers have earned since the initiative, more colloquially known as a bug bounty program, launched in 2010.

The latest round of bug bounties yielded 1,000 individual rewards to 350 participants, with the largest single reward totaling $100,000. Last March, Google doubled the bounty for a Chromebook hack from $50,000 to $100,000, after no one managed to pull one off.

The big reason for the jump in reward numbers? Android. Last year was the first that Android had its own Vulnerability Reward Program, or VRP. As Google’s Security Blog explains:

“On the product side, we saw amazing contributions from Android researchers all over the world, less than a year after Android launched its VRP. We also expanded our overall VRP to include more products, including OnHub and Nest devices.

We increased our presence at events around the world, like pwn2own and Pwnfest. The vulnerabilities responsibly disclosed at these events enabled us to quickly provide fixes to the ecosystem and keep customers safe. At both events, we were able to close down a vulnerability in Chrome within days of being notified of the issue.”



Among 2016’s bug bounty exploits:

Google awarded $3,134 to researcher Tomasz Bojarski for an XSS vulnerability identified on its events site (events.google.com). Bojarski has been hunting for Google exploits from a small town in Poland for the last three years, and he claims to do it for the “sheer enjoyment.” Maybe also for the glory, because he’s killing it on Google’s bug bounty leaderboards.
A “bug chain bonus” of $5,000 and another $7,500 for a JavaScript exploit targeting the Google account recovery page.
A Chrome OS vulnerability involving a one-byte DNS library overflow, detailed at the Project Zero blog. Sounds like someone finally cashed in on Google’s Chromebook call to action.

In a report on the annual bug bounty rewards, Google noted that participation from researchers in India is on the upswing. One regular VRP participant that the team met in India at Nullcon actually funds his own startup with his bounties.

Inspired to exploit greatness yet? If you’ve ever wanted to watch a pop-up alert dance along to an EDM drop, well, today is your lucky day. Through Google’s VRP, all this and more could be yours.
