Google has announced that it had paid over $6 million for security researchers through its Vulnerability Rewards Program since 2010. Last year it paid more than 300 different security researchers more than $200,000 for finding more than 750 bugs and vulnerabilities in Chrome and other Google Products, including largest single payment of $37,500 to an Android security researcher.
Last year Google introduced Android Security Rewards program to reward researchers who help them find, fix, and prevent vulnerabilities on Android.
Regarding the Vulnerability Rewards Program, Google said:
With an open approach, we’re able to consider a broad diversity of expertise for individual issues. We can also offer incentives for external researchers to work on challenging, time-consuming, projects that otherwise may not receive proper attention.
The purpose of these grants is to ensure that researchers are rewarded for their hard work, even if they don’t find a vulnerability. We’ve already seen positive results from this program.
In December Google announced that it will be dedicating $1 million specifically for security research related to Google Drive. The company said that it is looking forward to continuing the Security Reward Program’s growth in 2016.