Google pays $8.7 mn in vulnerability rewards for reporting bugs

Google paid out $8.7 million in vulnerability rewards in 2021 to researchers who reported bugs in its various services.
Google paid $296,000 for over 220 security reports, specifically mentioning Pandey of the Bugsmirror Team, Yu-Cheng Lin, and researcher [email protected] (who secured the highest $157,000 award).

“Pandey of Bugsmirror Team has skyrocketed to our top researcher last year, submitting 232 vulnerabilities in 2021! Since submitting their first report in 2019, Aman has reported over 280 valid vulnerabilities to the Android VRP and has been a crucial part of making our program so successful,” Google said in its report.

Pandey, a graduate of NIT Bhopal, registered his company in January 2021. The company helps Google, Apple and others enhance and fortify their security systems.

The Android Vulnerability Reward Program (VRP) doubled its 2020 total payouts in 2021 with nearly $3 million in rewards, and awarded the highest payout in Android VRP history: an exploit chain discovered in Android received a reward of $157,000.

“Our industry leading prize of $1,500,000 for a compromise of our Titan-M Security chip used in our Pixel device remains unclaimed,” said Sarah Jacobus from the Vulnerability Rewards Team.

Google also launched the Android Chipset Security Reward Program (ACSRP), a vulnerability reward program offered by Google in collaboration with manufacturers of certain popular Android chipsets.

In 2021, the ACSRP paid out $296,000 for over 220 valid and unique security reports.

This time the Chrome VRP also set some new records — 115 Chrome VRP researchers were rewarded for 333 unique Chrome security bug reports submitted in 2021, totalling $3.3 million in VRP rewards.

Of the $3.3 million, $3.1 million was awarded for Chrome Browser security bugs and $250,500 for Chrome OS bugs, including a $45,000 top reward amount for an individual Chrome OS security bug report and $27,000 for an individual Chrome Browser security bug report.

Google Play paid out $550,000 in rewards to over 60 unique security researchers.
