2/10/2012

One year Google web vulnerability research

Adam Mein from Google Security Team shared today some stats from the VRP of the last 12 months. The facts about one year VRP: $ 429.000 paid to around 200 researcher for 750 qualifying bugs. Roughly half of the bugs that received a reward were discovered in software written by approximately 50 companies that Google acquired.

Google Gifts

Adam told in 2011 that 20% of people are responsible for around 80% of all bugs.

Here some reports from researchers who participate in VRP:


My personal stats about one year VRP can be found here.