One year Google web vulnerability research
Adam Mein from the Google Security Team today shared some stats from the last 12 months of the Vulnerability Reward Program (VRP).
The facts about one year of the VRP: $429.000 paid to around 200 researchers for 750 qualifying bugs.
Roughly half of the bugs that received a reward were discovered in software written by approximately 50 companies that Google acquired.
Adam said in 2011 that 20% of people are responsible for around 80% of all bugs.
Here are some reports from researchers who participate in the VRP:
- XSS iGoogle, XSS Google Translate
- XSS Recaptcha
- Reflected DOM based XSS Google Code
- XSS Google Analytics
- XSS Google Adwords (1)
- XSS Google Adwords (2)
- XSS Google Webmaster Support Forum
- XSS Jaiku
- XSS Aardvark
- XSS Blogger.com
- XSS Google Code
- CSRF Google Feedburner
- XSS Android Market
- XSS Google Website Optimizer
- XSS accounts.youtube.com
- XSS Invitemedia
- XSS Google Calendar (German)
- Masato Kinugawa ($30.000 Tweet)
- Gain Blogger.com Administrator Privilege
My personal stats for one year of the VRP can be found here.