Google Increases Bug Bounties
Posted by: Timothy Weaver on 06/18/2016 09:53 AM
Google has decided to increase the Android bug bounty reward after having paid out a total of over $550,000 last year.
The reward program was started a year ago and saw 82 researchers receive bounties of $38,000 for more than 250 flaws. Peter Pi (@heisecode) of Trend Micro received over $75,000 for 26 vulnerability reports. Although more than a dozen experts received $10,000 or more, no one managed to earn the top reward.
Rewards can be as low as $4,000 for a critical vulnerability report that is accompanied by a proof-of-concept (PoC), rise to $30,000 for remote or proximal kernel exploits, and go as high as $50,000 for a remote exploit chain that leads to a TrustZone or Verified Boot compromise.
Quan To, security program manager at Google, explained: “While the program is focused on Nexus devices and has a primary goal of improving Android security, more than a quarter of the issues were reported in code that is developed and used outside of the Android Open Source Project. Fixing these kernel and device driver bugs helps improve security of the broader mobile industry (and even some non-mobile platforms).”
Source: Security Week
