
Google’s Vulnerability Reward Program paid $11.8 million to the security research community last year to make the company and its products safer.
According to Google, a total of 660 security researchers were rewarded for reporting their findings to the company. The highest reward for a single vulnerability was over $110,000. On average, Google paid each participant almost $18,000.
The tech company made some changes to the reward structure of its Vulnerability Reward Program. The maximum reward for a single vulnerability increased from $151,515 to $300,000. That money is meant for developers who report critical vulnerabilities in top-tier apps.
Google received 337 security bug reports in Chrome and awarded 137 researchers a total of $3.4 million. The highest single reward in this category was $100,115, awarded to a security researcher for reporting a MiraclePtr Bypass after MiraclePtr was initially enabled across most platforms in Chrome in 2023.
The Android and Google Devices Security Reward Program and the Google Mobile Vulnerability Reward Program, both part of Google’s Bug Hunters program, awarded over $3.3 million to researchers who uncovered critical vulnerabilities within Android and Google mobile applications.
“Although we saw an 8% decrease in the total number of submissions, there was a 2% increase in the number of critical and high vulnerabilities. In other words, fewer researchers are submitting fewer, but more impactful bugs, and are citing the improved security posture of the Android operating system as the central challenge,” Google states in a blog post.
Google’s cloud-based vulnerability reward program, Cloud VRP, received over 400 reports and recorded over 200 unique security bugs for Google Cloud products and services, leading to over $500,000 in rewards.
Lastly, Google received over 150 reports describing bugs in its large language models (LLMs), resulting in over $55,000 in rewards so far.
Google uses its Vulnerability Reward Program to encourage ethical hackers, security researchers, and developers to report vulnerabilities, zero-day exploits or other security issues to the company in order to keep Google products and services safe.