In 2023, Google paid $10 million as a reward to researchers for discovering vulnerabilities in its services

In 2023, Google paid $10 million as a reward to researchers for discovering vulnerabilities in its services

In 2023, Google paid $10 million under its global bug bounty program to researchers and white-collar hackers for discovering vulnerabilities in its services and projects in Chrome, Android, Google Play, Google products, and the company’s open source software. This is $2 million less than in 2022.

Experts believe that while this amount is less than Google’s 2022 vulnerability rewards, the amount is still significant and the company’s policy demonstrates a high level of interest for the IS community to participate in Google’s security efforts. For comparison, “Yandex” in 2023 paid researchers $770,000 as part of its “Bug Hunting” bug bounty

The highest reward for reporting a vulnerability in Google services in 2023 was $113,337. Payments were made to 632 white-collar hackers from 68 countries around the world.

The total amount of payments from Google since the launch of the bugbounty program in 2010 has reached $59 million as a reward to security researchers from 84 different countries for reporting more than 15,000 vulnerabilities.

For the vulnerabilities found in Android, Google paid out more than $3.4 million in 2023. Another major Google software project, the Chrome browser, also became the object of research. It was followed by white-collar hackers sending 359 security bug reports, for which Google paid out a total of $2.1 million in 2023. The company’s other big payouts related to vulnerability reports in cloud-based AI products such as Google Cloud and the Google Gemini chatbot (Bard ).

Also, in 2023, Google continued the Mobile VRP program for finding vulnerabilities in third-party Android applications. The company opened access to the online site Bughunters blog, where white hackers can exchange ideas and security measures on the Internet. In addition to bug bounty programs, Google held several IS conferences in 2023, where various technical hacking events and meetings, seminars and hackathons were held online and offline.

In addition, last year Google awarded more than $200,000 in grants to security researchers and accepted submissions to the invite-only Android Chipset Security Reward Program (ACSRP). This is Google’s private rewards program that works in partnership with Android chipset developers.

Related posts