It’s no surprise then that Google has taken a proactive approach to security. The company paid out more than $2 million in bounties to more than 300 researchers who found vulnerabilities in its products and services in 2015, up from $1.5 million in 2014. Google has also put pressure on other online services and software developers by creating a hub for reporting and disclosing vulnerabilities, known as Project Zero. “With an open approach, we’re able to consider a broad diversity of expertise for individual issues,” Eduardo Vela Nava, a security engineer for Google Security, says in a blog post summarizing the company’s progress. “We can also offer incentives for external researchers to work on challenging, time-consuming projects that otherwise may not receive proper attention.”
The company’s focus has paid dividends. While, for example, the openness of the Android mobile operating system has attracted the lion’s share of mobile attackers, Google sees only 0.5 percent of devices attempting to install a potentially unwanted program, much lower than the typical 10 to 15 percent of Windows systems affected by such programs.
The Gig Economy Meets Security Testing
Founded: 2012 by Alex Rice, Merijn Terheggen, Michiel Prins and Jobert Abma
Headquarters: San Francisco
Mission: Help customers run their own responsible disclosure or bug bounty program and tap the knowledge of security researchers worldwide