Google paid $8.7 mn to bug hunters in 2021, Indore-guy topped the list

Google paid out a record $8.7 million in vulnerability rewards to researchers in 2021 who reported bugs in its various services to the tech giant. Google especially mentioned Indore-based Aman Pandey, who is the Founder and CEO of Bugsmirror.

Google paid $8.7 mn to bug hunters in 2021, Indore-guy topped the list
Source: IANS

New Delhi, Feb 12 (INAS) Google paid out a record $8.7 million in vulnerability rewards to researchers in 2021 who reported bugs in its various services to the tech giant. Google especially mentioned Indore-based Aman Pandey, who is the Founder and CEO of Bugsmirror.

Google paid $296,000 for over 220 unique security reports, specifically shouting out Pandey of the Bugsmirror Team, Yu-Cheng Lin, and researcher [email protected] (who secured the highest $157,000 award).

"Pandey of Bugsmirror Team has skyrocketed to our top researcher last year, submitting 232 vulnerabilities in 2021! Since submitting their first report in 2019, Aman has reported over 280 valid vulnerabilities to the Android VRP and has been a crucial part of making our programme so successful," said Google in its report.

Pandey, a graduate from NIT Bhopal, officially registered his company in January 2021. The company helps Google, Apple and others in enhancing and fortifying their security systems.

The Android Vulnerability Reward Programme (VRP) doubled its 2020 total payouts in 2021 with nearly $3 million dollars in rewards, and awarded the highest payout in Android VRP history: An exploit chain discovered in Android receiving a reward of $157,000.

"Our industry leading prize of $1,500,000 for a compromise of our Titan-M Security chip used in our Pixel device remains unclaimed," said Sarah Jacobus from the Vulnerability Rewards Team.

Google also launched the Android Chipset Security Reward Programme (ACSRP), a vulnerability reward programme offered by Google in collaboration with manufacturers of certain popular Android chipsets.

In 2021, the ACSRP paid out $296,000 for over 220 valid and unique security reports.

This time the Chrome VRP also set some new records -- 115 Chrome VRP researchers were rewarded for 333 unique Chrome security bug reports submitted in 2021, totalling $3.3 million in VRP rewards.

Of the $3.3 million, $3.1 million was awarded for Chrome Browser security bugs and $250,500 for Chrome OS bugs, including a $45,000 top reward amount for an individual Chrome OS security bug report and $27,000 for an individual Chrome Browser security bug report.

Google Play paid out $550,000 in rewards to over 60 unique security researchers.