Google has revealed that it paid out $10 million to over 600 bug hunters from 68 countries in 2023.
Throughout the year, Google’s bug hunter community played a pivotal role in identifying and addressing thousands of vulnerabilities across various Google platforms. The company’s dedication to incentivising researchers saw the introduction of several new programs and improvements to existing ones.
Among the notable developments was the launch of the Bonus Awards program, which offers additional rewards for reports to specific Vulnerability Reward Program (VRP) targets. Additionally, the exploit reward program was expanded to include Chrome and Cloud, with the introduction of v8CTF, a Capture The Flag competition focused on V8, the JavaScript engine powering Chrome.
Furthermore, Google unveiled the Mobile VRP, focusing on first-party Android applications, and launched the Bughunters blog to share insights into the journey of making the internet safer.
The tech giant also hosted its annual security conference, ESCAL8, in Tokyo, featuring live hacking events, competitions, workshops, and talks from both researchers and Googlers.
In terms of Android security, Google achieved significant milestones by awarding over $3.4 million to researchers who uncovered vulnerabilities within the Android ecosystem. The maximum reward amount for critical vulnerabilities was increased to $15,000.
Expanding its program’s scope, Wear OS was added to incentivise research in new wearable technology, ensuring users’ safety. At the ESCAL8 conference, a live hacking event for Wear OS and Android Automotive OS resulted in over $70,000 rewarded to researchers for discovering critical vulnerabilities.
Google also acknowledged the contributions of security conferences like hardwear.io, which provided a platform for hardware security researchers to uncover vulnerabilities in devices such as Nest, Fitbit, and Wearables.
In the realm of Chrome security, Google introduced various initiatives, including the MiraclePtr Bypass Reward and the Full Chain Exploit Bonus, aimed at incentivising researchers to explore new avenues for vulnerability discovery. Despite the challenges, Google rewarded security researchers with $2.1 million for their contributions to Chrome Browser security.
Additionally, Google highlighted its efforts in AI security, with bugSWAT live-hacking events targeting LLM products. The company received 35 reports, totaling more than $87,000 in rewards, and discovered critical issues affecting AI systems.
Looking ahead, Google reaffirmed its commitment to collaboration, innovation, and transparency with the security community. The company aims to stay ahead of emerging threats and strengthen the security posture of its products and services, driving advancements in the cybersecurity landscape.
(Photo by Tai Bui on Unsplash)
See also: Google improves Android device orientation accuracy
Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The comprehensive event is co-located with other leading events including BlockX, Digital Transformation Week, IoT Tech Expo and AI & Big Data Expo.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.