Google's been paying big bucks for Android vulnerabilities (and that money's only getting bigger)

Keeping an operating system secure is a constant battle. Every time you add a new feature, or change the way an existing one works, you risk introducing new bugs that could potentially be exploited by hackers. Google's wise enough to know that it can't stay on top of every last Android vulnerability on its own, and for the past year now the company's been offering a bug bounty for developers who find and report problems with Android system code. Now a year into this program, Google's sharing details on its success, and promising even more money to participants in the future.

Since its inception in June of last year, the Android Security Rewards program has paid over $550,000 for bug reports. While 82 people have claimed rewards of some size, a smaller group really stands out as the most productive; only 15 participants have taken home $10,000 or more, with the most prolific banking nearly $76,000 for 26 separate reports.

Google likes how the first year of Android Security Rewards went, but it's hoping the next year proves to be even better at stamping-out dangerous Android bugs. To that end, the company's upping its payouts for the most serious vulnerabilities in an effort to recruit even more talented minds to work on discovering them.

For instance, the reward for discovering a critical-rated bug and developing a proof of concept goes up from $3,000 to $4,000. Google's yet to make any payments for its very top-level vulnerabilities, but just in case some extra cash can help with motivation there, it's raising the reward for remote attacks capable of breaking TrustZone or Verified Boot from $30,000 to $50,000.

Anybody thinking about a side career tracking down Android security holes?

source: Google