Google paid out $10 million last year through the Vulnerability Reward Program. The money went to 632 security researchers and ethical hackers from 68 countries who found vulnerabilities in Google’s software and reported them to the tech company. The highest reward for a single exploit was more than $113,000.
Google writes this in its Security Blog.
Google awards millions with Vulnerability Reward Program
It was October 2013 when Google launched the Vulnerability Reward Program. Through the bug bounty program, the technology company tries to convince researchers, developers and ethical hackers to report vulnerabilities, zero-day exploits or other security problems to the company. In return, they receive money. The amount of money depends on a number of things, including the severity and extent of the problem.
In 2022, Google paid out a record amount through the Vulnerability Reward Program: about 12 million dollars. That money was divided among 703 security researchers from 68 countries. The highest amount Google paid out to one person at the time was $605,000. The search engine giant paid out an average of $17,000 to participants.
Last year, Google distributed $10 million to 632 researchers from 68 countries, an average of $15,800 per participant. One security researcher had $113,337 credited to his account. Google is keeping mum about what kind of exploit he pointed out. In total, Google has paid out more than $59 million to ethical hackers.
Google handed out rewards in these categories
Google then describes the fees per category in detail in its weblog. The company awarded $3.4 million for the Android ecosystem, the operating system for mobile devices. Security researchers found over twenty critical vulnerabilities in WearOS and AutomotiveOS, the operating systems for wearables and cars, respectively. They received a reward of $70,000 for this.
In one year, Google received 359 unique reports of security problems regarding the Chrome web browser. In total, Google gave $2.1 million to researchers who reported the problems. Security company Hardware.io discovered more than fifty exploits in Nest, Fitbit, and other wearables. The company received a total of $116,000 for this.
Google rewarded researchers with more than $87,000 for research in artificial intelligence (AI). For example, three researchers described how they managed to hack Google’s AI chatbot, Google Bard, via Prompt Injections. To increase notifications of AI-related issues in the future, Google has published a guide describing the criteria for bugs in AI products.
Google will commit to more collaboration with the security community
Google is grateful to security researchers, software developers and ethical hackers for their efforts. The tech company also promises to remain committed to closer cooperation, innovation, and transparency with the security community.
Google ends its blog with the following statement: “Our mission is to stay ahead of emerging threats, adapt to changing technologies, and continue to improve the security of Google’s products and services. We look forward to making more progress in the world of cybersecurity.”
More Articles Here
Follow Us Here