
Google Paid Security Researchers Millions for Bug Bounties: Why isn’t Pro AV Investing More in ‘Cash for Hackers’?

Published: 2020-03-06

Google recently announced it has paid out over $21 million through its “bug bounty” program since 2010.

According to a recent VentureBeat article, the company paid $6.5 million to 461 different security researchers, about double the previous record set in 2018.

In the AV industry, the concept of “hackathons” and paying a hacker to exploit a networked AV product or system is usually relegated to a fun topic of discussion – but perhaps they should be considered more seriously, given Google’s approach.

More from VentureBeat:

Bug bounty programs motivate individuals and hacker groups to not only find flaws but disclose them properly, instead of using them maliciously or selling them to parties that will.


Rewarding security researchers with bounties costs peanuts compared to paying for a serious security snafu.

Google’s bug bounty program has been growing since its inception, although the past few years have all seen total payouts around the $3 million mark. Seeing that number almost double this year suggests the program is more than alive and well. Indeed, Google’s security team has continued to expand the program and offer more lucrative rewards.

Google added that security researchers decided to donate an all-time-high of $507,000 to charity in 2019. That’s five times the amount ever previously donated in a single year.

The AV industry should consider following the example set by their big IT brothers and sisters; even if an AV company can’t pay out such large sums of money, there should be some sort of cash incentives for finding security vulnerabilities in AV systems.


This can be done in several ways:

  1. Manufacturers – offer bug bounties for white-hat hackers who report vulnerabilities.
  2. Integrators – set up knowledge bases of custom code and configurations, and reward other programmers, engineers, and technicians who can find any vulnerabilities in the systems.
  3. Users – reward any employee who raises a security concern about a device or process.

 
