Google’s vulnerability reward program paid out US$2 million (A$2.8 million) worth of bug bounties in 2015, bringing the total value of the scheme to more than US$6 million since it started in 2010.
In the first year the web giant brought its Android operating system into the program, it has seen a rapid jump in rewards paid out, from US$1.5 million in 2014.
It handed rewards to security researchers as far flung as Poland, Romania, Israel, Brazil and China throughout the year.
“Rewarding security researchers for their hard work benefits everyone,” wrote Google’s Eduardo Vela Nava in a blog.
In 2015, for example, Russian researcher Kamil Histamullin uncovered a flaw in the YouTube creator studio that would allow anyone to delete someone else’s videos simply by changing a parameter in the URL.
Histamullin, who was already working under a vulnerability rewards program grant, received US$5000 for his discovery.
The past 12 months marked the first year the Android mobile operating system was added to the vulnerability reward program, having a “significant and immediate impact” on the scheme straight away, said Vela Nava.
In the half year that bug bounties were offered for Android flaws, Google paid out US$200,000 to researchers, including one single payment of US$37,000.