In 2023, Google allocated $10 million in bug bounty rewards to 632 security researchers across 68 countries for identifying vulnerabilities in its products. This figure, though less than the $12 million disbursed in 2022, underscores the active engagement of the cybersecurity community in enhancing Google’s software safety. The largest single reward was $113,337. Since its inception in 2010, Google’s Vulnerability Reward Program has paid out $59 million. Android, the most widely used mobile OS, saw over $3.4 million in bounties, with Google upping the reward for critical Android vulnerabilities to $15,000. At security events, $70,000 was awarded for critical findings in Wear OS and Android Automotive OS, and $116,000 for 50 reports on Nest, Fitbit, and Wearables. Chrome browser issues led to $2.1 million in rewards for 359 bug reports. Google also incentivized the discovery of Chrome sandbox escape exploits by tripling payouts temporarily. The company’s generative AI products, like Google Bard, were also in focus, with a live-hacking event yielding $87,000 in rewards.
Read more at: www.bleepingcomputer.com