Google rewarded 632 people in 68 countries in 2023 for correctly reporting security vulnerabilities. They received a total of ten million US dollars (currently 9.15 million euros). This is the second-highest total in the history of the “Vulnerability Reward Program” (VRP), as Google calls its bug bounty.
The record dates from the year before, 2022, when Google's bug bounty paid out twelve million US dollars to 703 IT security researchers, who reported a total of 2,900 security vulnerabilities. The data company does not reveal in its statistics how many vulnerabilities the 632 successful participants reported in total in 2023. Since the beginning, which here means the year 2010, Google says it has shelled out a total of $59 million for correctly reported security vulnerabilities.
New: Wear OS and Alphabet apps for Android
Google is constantly coming up with new ideas to draw the attention of security researchers, firstly to itself and secondly to specific areas, because it would probably be significantly more expensive to find the vulnerabilities using only its own employees.
New additions in 2023 include bug bounties for security problems with Wear OS and for certain Android apps from the Alphabet Group, which, in addition to Google, includes Fitbit, Nest Labs and Waymo. For Android, Google has increased the maximum reward for a single report to $15,000; in other areas the rewards are significantly higher. The highest bug bounty in the reporting year was 113,337 US dollars (currently around 103,700 euros).
A third of the total annual payout went to the Android operating system and a fifth to the Chrome web browser. Google also offers rewards for reporting security-related problems with artificial intelligence. In the fall, the Google Engineering development department made it clear which shortcomings were eligible and which were not.
(ds)