Half of the bug bounty rewards paid to researchers were for reporting vulnerabilities in Android and Chrome. Bug bounty programs have played a major role in improving the security of a company's products and in limiting the financial and reputational damage that follows a data breach. Google has always been proactive in rewarding security researchers who help to enhance its products.
In an official blog post, Google has shared three stories about its bug bounty rewards from 2018.
#1. A 19-year-old security researcher from Uruguay, Ezequiel Pereira, discovered a Remote Code Execution (RCE) bug that allowed him to gain remote access to the Google Cloud Platform console.
#2. A Poland-based security researcher uncovered a bug related to cross-site scripting (XSS). This type of security bug can allow an attacker to change the behaviour or appearance of a website, steal private data, or perform actions on behalf of a user. Tomasz Bojarski was Google's top bug hunter for the last year; he used his reward to open a restaurant.
#3. Google offered $1,337 to Dzmitry Lukyanenka, a researcher from Minsk. After he lost his job, he started looking for bug bounty programs. He soon became part of Google’s VRP grants program, which offered financial support for prolific bug hunters.
Google also announced the Security and Privacy research awards last year. The awards recognise academics who have made major contributions to the cybersecurity field. In the blog post, Google announced the following list of 2018 winners.
– Alina Oprea, Northeastern University: Cloud Security
– Matthew Green, Johns Hopkins: Cryptography
– Thorsten Holz, Ruhr-Universität Bochum: Systems Security
– Alastair Beresford, Cambridge: Usable security and privacy, mobile security
– Carmela Troncoso, École Polytechnique Fédérale de Lausanne: Privacy/Security ML
– Rick Wash, Michigan State University: Usable Privacy and Security
– Prateek Saxena, National University of Singapore: ML/Web security