Almost every big tech company has a bug bounty program under which it pays security researchers to discover ‘flaws’ and vulnerabilities in its software and other services. Google is no exception and this time Google has given a special shoutout to an India-based security researcher.
In a blog post, Google revealed that Aman Pandey of Bugsmirror Team was the top researcher when it came to reporting and submitting vulnerabilities in Android. Google said that Pandey submitted 232 vulnerabilities in 2021. “Since submitting their first report in 2019, Aman has reported over 280 valid vulnerabilities to the Android VRP and has been a crucial part of making our program so successful,” noted Sarah Jacobus, Vulnerability Rewards Team, Google in the blog post.
As per the Bugsmirror site, the firm is based out of Indore and was officially registered in 2021. Pandey is the founder and CEO of the company and is a graduate of NIT Bhopal. While the firm was registered in 2021, it has been working on several security research projects for the last three years or so. Google also said that Pandey has been submitting vulnerabilities to the company since 2019.
Meanwhile, the tech giant paid a record-breaking $8.7 million in vulnerability rewards. The security researchers discovered and reported vulnerabilities in Chrome, Google, Android, Google Play and others.
The maximum rewards were paid for discovering vulnerabilities in Android. Jacobus revealed that Android’s VRP (Vulnerabilities Rewards Program) doubled its 2020 total payouts in 2021 with nearly $3 million in rewards. In fact, Google awarded the highest payout in Android VRP history in 2021: an exploit chain discovered in Android received a reward of $157,000.
Jacobus also revealed that 115 Chrome VRP researchers were rewarded for 333 unique Chrome security bug reports submitted in 2021, totalling $3.3 million in VRP rewards. Of the $3.3 million, $3.1 million was awarded for Chrome Browser security bugs and $250,500 for Chrome OS bugs.