Google has revealed that it paid $3 million to bounty hunters, or bug finders, in 2016 alone. Hackers from 59 countries discovered more than a thousand security loopholes in Google products, including Chrome, Android, and more.
The company had previously paid $2 million to developers in 2015, which was considerably higher than the $1.5 million of the year before. To date, the company has paid developers about $9 million for finding security bugs in Google’s products since the program began in 2010.
The bugs varied in severity, and the payouts varied with them. Starting from considerably smaller sums, payouts went up to $100,000 for a single vulnerability, which was paid out when a developer accepted a challenge to hack a Chromebook.
This figure doesn’t necessarily indicate that Google products are getting buggier with time, but rather that Google has been paying out much more than before. The Chromebook hack, for instance, originally paid out $50,000, a figure that has since been increased to attract more of people’s time (which eventually did lead to a successful attempt).
Similar programs for Chrome have paid rewards in the range of $30,000, which is making bounty hunting an increasingly lucrative market to be in.
Programs encouraging bounty hunting have been on the rise at companies other than Google as well. Facebook, for instance, has paid $5 million to developers so far, with most hunters coming from India, the US and Mexico. These programs not only encourage developers to find flaws; the problems identified also help raise security standards in end products.