Google Rewards Researcher For Finding Google Domains Bug

Google / Tech
600613 means Google

You remember that time Google accidentally forgot to renew its domain and allowed an ex-employee to snag it? If you don’t, you should totally read up on it here.

The too long didn’t read version is this: Sanmay Ved, an ex-employee of Google, was poking around in the Google Domains and found the domain up for sale. He bought it for $12 and quickly documented the purchase, right before Google’s computers picked up on it a minute later and reversed the transaction. We later learnt that Google paid a then undisclosed amount to Sanmay Ved for finding this bug, which was doubled when he announced his intention of donating the money to The Art of Living India, a charity which works on bringing education to the poor of the nation.

We now know the actual amount Google paid out. Google initially offered Sanmay Ved $6006.13 as a reward, which numerically spells out Google. The amount was doubled, so Google paid a total of $12,012.26.

You may have read about Sanmay Ved, a researcher from who was able to buy for one minute on Google Domains. Our initial financial reward to Sanmay — $ 6,006.13 — spelled-out Google, numerically (squint a little and you’ll see it!). We then doubled this amount when Sanmay donated his reward to charity.

This was revealed as part of Google’s annual Security Rewards review. Google also named Tomasz Bojarski as the most prolific researcher of the year.

Tomasz Bojarski found 70 bugs on Google in 2015, and was our most prolific researcher of the year. He found a bug in our vulnerability submission form.

2015 was also the year Android joined the Security Rewards program.

Android was a newcomer to the Security Reward program initiative in 2015 and it made a significant and immediate impact as soon as it joined the program. We launched our Android VRP in June, and by the end of 2015, we had paid more than $200,000 to researchers for their work, including our largest single payment of $37,500 to an Android security researcher.

Clearly Google is taking security quite seriously, like a lot of other major corporations which offer similar rewards programs.

  Source: Google Online Security Blog
To Top