Who would have thought you could become a crorepati by pointing fingers at flaws? Well, Indian techie Aman Pandey did report the flaw and has won a reward worth Rs 65 crore from Google. His name appeared on a list of the top researchers of the Vulnerability Rewards Program, or VRP. According to Google, he reported 232 vulnerabilities in Android just last year and more than 280 valid issues since he began reporting problems in 2019.
Pandey is a BTech graduate of NIT Bhopal, a true blood techie, with expertise in Mobile Application Development, Java, Software as a Service, and Product Development. As a result of turning Google’s vulnerabilities into opportunities, he has changed the narrative of cybersecurity by keeping Android and Chrome safe in his own way.
Google, which dominates the world’s tech space, has been constantly transforming the nuances of cybersecurity. Globalization is transforming and leading towards digitalization, and cybersecurity is a growing concern for everyone. In this technologically-driven world, techies like Pandey make a real difference to make it safer. This is what Pandey does for a living. His company Bugsmirror was established under the motto ‘to secure and bolster everyone against cyber threats, ensuring your smartphones, PDAs, and other IoT devices are free from malware and viruses. We are currently focused on Android’.
Get paid to report bugs
Google’s VRP is not new. Researchers are paid by tech companies such as Apple, Google, and Microsoft to locate any ‘bugs’ or ‘flaws’ in their products. Rewards programs like these, called ‘Bugs Bounty’, help sanitize the working environment. In 2021 alone, Android issued rewards worth around $3 million – twice the amount in 2020 – to 119 researchers worldwide for finding critical flaws. VRPs for the same period were paid out by Google to the tune of $8.7 million.
In 2021, Pandey earned $8.7 million (roughly Rs 65.3 crore) from this VRP. Google’s VRP, dedicated to making this year an anti-bug year, also paid the highest payout ever for an exploit chain found in Android – $157,000. As part of this bounty, the company has also offered $1.5 million to anybody who can find a way to compromise its Titan-M security chip, which it uses in its Pixel smartphones. The prize has not yet been claimed. Researchers who submitted 333 unique Chrome Security issues won $3.3 million in the ‘Bounty’ for Chrome browser, a new record.
Google’s blog post also mentions Android security researcher Yu-Cheng Lin from China, who submitted a total of 128 valid reports in 2021. For reporting a root privilege escalation vulnerability, Rory McNamara, a Chrome OS VRP researcher who has participated in the ‘Bounty’ for five years, won $45,000 – the highest single prize awarded in the program. An attacker can use the root access privilege bug to gain illicit access to elevated rights and privileges on a device. Complaining and pointing out problems isn’t always a bad thing. With the help of researchers like Pandey, Google rewards researchers reporting security issues.
Post Your Comments