Google has released an overview of its Android Security Rewards program, which has just wrapped up its first year. Added to the Google Vulnerability Rewards Program in June 2015, the Android Security Rewards program has thus far paid out more than $550,000 to security researchers for discovering and reporting vulnerabilities, the company revealed.
Here are some of the more interesting tidbits about the program's first year, highlighted by Google:
- We paid over $550,000 to 82 individuals. That's an average of $2,200 per reward and $6,700 per researcher.
- We paid our top researcher, @heisecode, $75,750 for 26 vulnerability reports.
- We paid 15 researchers $10,000 or more.
- There were no payouts for the top reward for a complete remote exploit chain leading to TrustZone or Verified Boot compromise.
Google also announced that it is making some changes to the program to pay more for qualifying vulnerabilities. In fact, the search giant says its maximum payout is being increased from $30,000 to $50,000. Meanwhile, the payout for a critical vulnerability with proof of concept will move from $3,000 to $4,000.