- Google is notorious for having fun with numbers.
- On Friday, the search giant said that it paid a security researcher an award of $1,337 — a stylized way of writing “leet,” as in “elite,” a reference to a programming joke that goes back to the ’80s.
- This came as part of Google’s annual report on its bug bounty program, where it pays security experts to find flaws and vulnerabilities in its software. The program paid out $3.4 million to 317 total security researchers in 2018.
- Google often plays little tricks like this with its bug bounty program: It once paid out $6,006.13 — or, Google spelled-out numerically — to the researcher who managed to buy the “Google.com” domain for one minute.
Google shared on Friday its annual report on its Security Vulnerability Reward Program, where it pays out bounties to experts and enthusiasts who find flaws in its software. All told, Google says, the program paid out $3.4 million to 317 participants in 2018.
However, the report singles out one particular story: That of researcher Dzmitry Lukyanenka, who became a full-time bug bounty hunter after losing his job.
Google told Business Insider that it awarded multiple bounties to Lukyanenka this year, most of which totalled $1,337 — a stylized way of writing “leet,” as in “elite,” in a joke that programmers have been making since the ’80s. Even today, it’s not uncommon for a programmer or gamer to joke that they are a “1337 h4x0r,” which is to say, an “elite hacker,” or that someone else is a “n00b,” or “newbie.”
Google also told us that throughout the years, the prolific Lukyanenka has been paid a $1,337 bounty a dozen times, or $16,044 — an amount that has become known internally at Google as “1dmitry,” after the researcher’s first name. Separately, Google also paid Lukyanenka $1,337 several other times in the form of grants, unrelated to finding specific security vulnerabilities, to support his work, while also doubling down on the joke.
This isn’t the first time that Google’s bug bounty program has made a joke out of its payout structure. In its 2015 bug bounty report, the company said it paid out $6,006.13 — or, Google spelled-out numerically — to the researcher who managed to buy the “Google.com” domain for one minute. After that researcher revealed his intentions to donate the windfall to charity, Google doubled the amount.
However, the math jokes go well beyond this program. That same year, Google’s parent company Alphabet bought back $5,099,019,513.59 worth of stock — or, the square root of 26, the number of letters in the alphabet, times a billion.
This year’s bug bounty payouts were bigger than those in 2017, when Google paid $2.9 million to 274 researchers. The company said that half of the bounties in 2018 went towards vulnerabilities found in its Android and Chrome platforms.
Got a tip? Contact this reporter via Signal at +1 (209) 730-3387, email email@example.com, or direct message on Twitter @nickbastone.