
Google Pays Bounty to Best Bug Finder

Mitch Wagner
1/29/2016

Google's most prolific security researcher was pretty busy last year.

Tomasz Bojarski found 70 bugs on Google in 2015 -- including a bug in Google's vulnerability reporting form, according to a post on a Google company blog Thursday.

Google (Nasdaq: GOOG) also paid a reward to "Sanmay Ved, a researcher from who was able to buy google.com for one minute on Google Domains," the company says. "Our initial financial reward to Sanmay -- $6,006.13 -- spelled-out Google, numerically (squint a little and you'll see it!). We then doubled this amount when Sanmay donated his reward to charity."

Bug Hunt
These are not the bugs you're looking for.

Ved paid $12 for the domain September 29, after noticing Google.com was for sale while searching Google Domains. He donated his reward to The Art of Living India, an Indian foundation that brings education to people in slums.

In other Vulnerability Reward Program activity last year, Google added Android to the program and had paid more than $200,000 to researchers by the end of the year, including its largest single payment of $37,500 to an Android security researcher, the company says.

Google also started awarding research grants up front, before investigations begin.

And Google set aside $1 million specifically for security research related to Google Drive.

Security is always critical to business computing, but even more so as businesses and other organizations switch to New IP networks. As mission-critical apps and data move to the cloud, enterprises need to be sure they're safe.


— Mitch Wagner, West Coast Bureau Chief, Light Reading. Got a tip about SDN or NFV? Send it to [email protected]

thebulk
2/9/2016 | 12:17:27 AM
Re: Cash cow
@danielcawrey, if that's the case then it has been going on longer than I knew about. I think the first I had noticed it was about 2011. I think it's a good approach.
danielcawrey
2/2/2016 | 1:44:32 PM
Re: Cash cow
I first noticed Google was rewarding security researchers way back in 2009. It's really smart – I remember back in the days of tons of vulnerabilities with Microsoft products. That's been something Google has tried really hard to avoid with the outsourcing of research like this. 
thebulk
2/2/2016 | 12:43:49 AM
Re: Cash cow
It does seem like it would be difficult to count on income like that, but if you have enough researchers then you might be able to get steady cashflow.
thebulk
2/2/2016 | 12:43:06 AM
Re: Cash cow
Yes, it seems low, but legally I think it would have been easy for them to get it back.
Mitch Wagner
2/1/2016 | 10:24:15 AM
Re: Cash cow
I can see how Google and others' bug bounty programs might become a source of cash flow for security researchers. Not necessarily something they can count on but a nice bonus. 
Kruz
1/31/2016 | 3:01:32 PM
Re: Cash cow
I am curious to see how much Google would have paid for its domain if the owner insisted on keeping it. 6k (even if it represents Google in a geeky way) seems too low for the prestigious domain.
thebulk
1/31/2016 | 2:37:14 PM
Cash cow
I know a few groups of security researchers here in Asia that are teaming up and trying to make money off the bug bounty programs. I don't know any that have had any outstanding success yet, but they are working on it as being a vertical in their firms.