Inside The Google I|O Developers Conference
Sundar Pichai, senior vice president of Android, Chrome and Apps for Google Inc., speaks during the Google I/O Annual Developers Conference in San Francisco, California, U.S., on Wednesday, June 25, 2014.  Photograph by Bloomberg via Getty Images

Here’s How Much Google Paid Out To Security Researchers Last Year

Jan 29, 2016

Google paid out more than $2 million during 2015 to security researchers who found vulnerabilities in its systems and services, taking the total since 2010 to over $6 million.

The growing pace of Google's security reward program is largely down to the addition of Android to the bug bounty scheme in 2015. In a blog post, Google Security's Eduardo Vela Nava said this move made "a significant and immediate impact" — the company launched its Android vulnerability reward program in June, and by the end of the year it had paid out over $200,000 for flaws found in the mobile operating system.

That Android scheme included $37,500 paid out to just one security researcher. It would also have included the $1,337 that went to Zimperium zLabs researcher Joshua Drake, who found the egregious Stagefright vulnerabilities.

Overall, during the year Google paid out more than 750 rewards to over 300 people, with the most prolific being one Tomasz Bojarski. Hilariously, one of Bojarski's scalps was a bug in the Google vulnerability submission form itself.

Get Data Sheet, Fortune’s technology newsletter.

The tally also included money paid out to Sanmay Ved, the guy who bought the "google.com" domain through the company's own domain sales service. He only had it for a minute before Google revoked the sale, but Google gave him $6,006.13 ("google" spelled out in numerals) as a reward, then doubled it after Ved donated the initial payment to the Art of Living India foundation.

Apart from researchers just coming to Google with bugs they've found, the firm has also started issuing vulnerability research grants, to encourage more people to dig around for flaws, safe in the knowledge that they'll get paid just for trying.

One scary result from that grant program was the discovery, by Russian researcher Kamil Histamullin, of a YouTube Creator Studio flaw that would have allowed anyone to easily delete any YouTube video. That one earned the finder an extra $5,000 on top of his grant.

All products and services featured are based solely on editorial selection. FORTUNE may receive compensation for some links to products and services on this website.

Quotes delayed at least 15 minutes. Market data provided by Interactive Data. ETF and Mutual Fund data provided by Morningstar, Inc. Dow Jones Terms & Conditions: http://www.djindexes.com/mdsidx/html/tandc/indexestandcs.html. S&P Index data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Terms & Conditions. Powered and implemented by Interactive Data Managed Solutions