Google’s security bounty programs can be quite lucrative for those who discover problems, and the company has just published a report looking back at the security landscape in 2015. Entitled Google Security Rewards – 2015 Year in Review, the report reveals the financial rewards that have been paid out in the last 12 months.
In all, Google has paid out more than $ 2 million to more than 300 people, but Sanmay Ved is probably one of the more interesting reward recipients. He’s the guy who — very briefly — managed to buy Google.com before having it taken off his hands. Google offered him a $ 6,006.13 reward, but there’s a little more to the story.
If you’re wondering about the slightly strange amount, Google explains that if you squint and use a little imagination, the figure spells out the word Google. Sanmay decided to donate his reward to charity, and when Google learned about this, the reward was doubled. While Sanmay may have been one of the more unusual reward recipients, Tomasz Bojarski got the crown for the most prolific, discovering no fewer than 70 bugs on Google.
2015 was the year that Android was added to the to the Security Reward program initiative resulting in payments of over $ 200,000 to researchers. Google shares a graphic that shows some of the highlights from 2015:
In 2015, Google’s Vulnerability Research Grants was used to provide researchers with the funds they need to carry out their work. One example of how these funds were used includes research into a YouTube problem:
We’ve already seen positive results from this program; here’s one example. Kamil Histamullin a researcher from Kasan, Russia received a VRP grant early last year. Shortly thereafter, he found an issue in YouTube Creator Studio which would have enabled anyone to delete any video from YouTube by simply changing a parameter from the URL. After the issue was reported, our teams quickly fixed it and the researcher was rewarded $ 5,000 in addition to his initial research grant. Kamil detailed his findings on his personal blog in March.