Indian cybersecurity researcher Aman Pandey tops Google’s Android bug bounty program

Indian cybersecurity researcher Aman Pandey became the top researcher in Google's Android Vulnerability Reward Program (VRP). Pandey submitted 232 vulnerabilities to Google last year.

Written by Sethu Pradeep | New Delhi |
Updated: February 16, 2022 12:22:20 pm
Aman Pandey has received a special mention in Google's report on researchers who discovered vulnerabilities in Android. (Image: Via Aman Pandey)

In a blog post, Google has revealed that Aman Pandey, an Indian cybersecurity researcher and founder and CEO at Bugsmirror, was one of the top researchers of the tech giant’s Vulnerability Reward Program (VRP) last year. Pandey uncovered and submitted 232 vulnerabilities in Android just last year. He had joined the program in 2019, and has so far reported over 280 valid vulnerabilities to the Android program, according to the blog post.

Most tech companies such as Apple, Google, Microsoft and others pay researchers for any ‘bugs’ or software flaws that these researchers can locate in their products. The rewards are popularly called ‘bug bounties.’

“I have been working on security research for almost 4 years now, and the Bugsmirror team’s incessant passion and hard work towards security research has helped us to indigenously design and develop applications embedded with algorithms, that too invented at Bugsmirror, which has helped us locate and patch vulnerabilities at an unmatched speed and accuracy. Programs like this have helped not just research companies like us but even the mass population to understand the importance of privacy and security research,” Pandey told indianexpress.com.

According to Google, it paid out $8.7 million as part of its Vulnerability Reward Program (VRP) in 2021. For Android alone, this number stood at $3 million ($2,935,244 or approximately Rs 22 crore) in rewards, nearly double the previous year’s figure. A total of 119 researchers worldwide were awarded by Google for finding critical flaws in Android.

The program also awarded the highest payout in history this year: $157,000 for an exploit chain discovered in Android. It also offered a $1.5 million bounty for finding compromises in its Titan-M security chip that the company uses in its Pixel mobile devices. The prize remains unclaimed so far.

The blog post also makes a special mention of Yu-Cheng Lin, a Chinese Android security researcher, who submitted a total of 128 valid reports in 2021.

Google’s bug bounty program for its Chrome browser saw a total of $3,288,000 (approximately Rs 24.6 crores) being given to 115 researchers. Of the total amount, $3.1 million was awarded for Chrome browser vulnerabilities and $250,000 for Chrome OS vulnerabilities.

Chrome OS VRP researcher Rory McNamara won $45,000, the highest single prize awarded in the program, for reporting a root privilege escalation bug. Such flaws can allow an attacker to gain illicit access to elevated rights and privileges on a device, also called root access.

The Google Play VRP paid out $550,000 in rewards to 60 security researchers. The winners of the Google Cloud Platform VRP for 2021 haven’t been announced.
