Network Security, Vulnerability Management

Google bug bounty contest ends without a winner… or even a single valid entry

Google's Project Zero Prize ironically lived up to its name when the company announced last week that not a single researcher submitted a valid entry to the company's bug bounty contest.

Launched last September, the competition tasked challengers with finding a vulnerability or bug chain that could remotely execute code on multiple Android devices without any user interaction, knowing only the devices' phone numbers and email addresses.

While several teams and individuals claimed that they were working on an entry, Google ended up receiving only spam and invalid entries that did not follow submission guidelines, the company reported.

Google acknowledged that its $200,000 grand prize may not have been sufficient enough to entice researchers. Ilia Kolochenko, CEO of web security company High-Tech Bridge, agreed, noting that Google also recently increased its bug-bounty reward for remote code execution exploits by 56.7 percent.

“This potential ‘pay-rise' for white hat hackers tells something for certain, that black hats are paying more for vulnerabilities, and even the highest bounties offered by Google and Microsoft are no longer competitive with what cybercriminals can offer now," said Kolochenko. “The rise in bounty clearly means that talented white hat security researchers are too busy with their well-paid daily jobs to bother spending time hunting risky bounties."

Google also suggested that its bug criteria may have been too narrow, and that other competitions may have drawn interest away from the Project Zero Prize.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.