One year Google web vulnerability research

Adam Mein from Google Security Team shared today some stats from the VRP of the last 12 months. The facts about one year VRP: $ 429.000 paid to around 200 researcher for 750 qualifying bugs. Roughly half of the bugs that received a reward were discovered in software written by approximately 50 companies that Google acquired.

Google Gifts

Adam told in 2011 that 20% of people are responsible for around 80% of all bugs.

Here some reports from researchers who participate in VRP:

My personal stats about one year VRP can be found here.