One year Google web vulnerability research

Adam Mein from the Google Security Team shared today some stats from the VRP of the last 12 months.

The facts about one year VRP: $429.000 paid to around 200 researcher for 750qualifying bugs.

Roughly half of the bugs that received a reward were discovered in software written by approximately 50 companies that Google acquired.

Adam told in 2011 that 20% of people are responsible for around 80% of all bugs.

Here some reports from researchers who participate in the VRP:

My personal stats about one year VRP can be found here.