Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Android
    • Android
    • Cybersecurity

    Google Pays Out $550K in Android Bug Bounties in One Year

    By
    Sean Michael Kerner
    -
    June 19, 2016
    Share
    Facebook
    Twitter
    Linkedin
      Android security

      Google has had a security rewards program in place since 2010, but it wasn’t until last June that it added Android to the eligible products list. A year later, Google is reporting that it has received more than 250 vulnerability reports for Android and has paid out $550,000 to 82 security researchers for their efforts.

      At the Google I/O event in May, Stephan Somogyi, product manager of security and privacy at Google, stated that Google in total paid out $2 million in 2015 to more than 300 security researchers for vulnerability disclosures.

      Quan To, program manager of Android security at Google, noted in a blog post that Peter Pi was the top researcher for Android vulnerabilities over the program’s first year. Pi reported 26 vulnerabilities to Google and for his efforts was awarded $75,750. Google paid out $10,000 or more in bug bounty to 15 researchers, according to To.

      Among the most well-known of all Android vulnerability disclosures are those related to the Stagefright media library. Zimperium security researcher Joshua Drake disclosed the first series of Stagefright flaws in July 2015, with an additional set disclosed in October.

      In a Twitter reply to eWEEK, Drake said the total bounty he received from Google for his Stagefright-related disclosures was more than $50,000.

      Google’s Android security program dramatically accelerated after the initial Stagefright disclosure, with the company moving to a monthly update cycle for Android security patches in August 2015. In the first six months of 2016, Google has patched 163 vulnerabilities, including multiple issues in the mediaserver component, which is in the same part of the Android operating system as the Stagefright media library.

      For the second year of Google’s Android vulnerability award program, researchers will be eligible to earn even more money for security disclosures. Google will now pay 33 percent more for a high-quality vulnerability report with proof of concept. Those researchers who submit a high-quality vulnerability report together with a proof of concept and a patch will now receive a 50 percent higher award.

      At the high end, Google will now pay $30,000 for a remote kernel exploit, up from $20,000 in 2015. A remote exploit that leads to a compromise of verified boot on Android will now earn a researcher $50,000, up from $20,000 last year.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×