Bug bounty is a widespread practice among software companies that consists of paying professionals, whether individual white hat hackers or specialized companies, to find bugs in their programs and report them.
Google has followed this practice since 2010, and in the following 8 years it resulted in an expenditure of 21 million dollars. The already exorbitant figure increased further last year, when, employing 461 different security researchers, the Mountain View company spent 6.5 million dollars in search of bugs, almost double the 3.4 million of 2018.
Paying for the discovery of your software's defects has two positive aspects: not only is it much less expensive than plugging the security holes that these bugs would cause if discovered, but it also encourages individual white hat hackers who find them to report them to the company rather than exploit them for personal purposes.
Of the $6.5 million spent in 2019, Google spent 800,000 on finding bugs in Google Play, 1.2 million in Chrome, 1.9 million in Android and the remaining 2.1 million in other products.
In addition, the "bug hunters" donated $507,000 earned this way to charity last year, a figure never reached in previous years.
The very rapid increase in spending on this program, which doubled in just one year, testifies to the speed with which it is expanding. Another sign of this is the increase in the maximum reward for anyone who finds bugs in Android to a million dollars.