Google paid millions to researchers as a part of the bounty program in 2023
Google’s bounty program rewards researchers who not only report bugs but also helps the company fix any major security lapses.
Just like all major tech firms, Google also offers a bug bounty program, wherein it pays its security researchers to find vulnerabilities in its products and services. On Tuesday, the tech giant in its blog revealed that last year it paid a staggering $10 million to more than 600 researchers in 68 nations.
Google stated, “Last year, we again witnessed the power of community-driven security efforts as researchers from around the world contributed to help us identify and address thousands of vulnerabilities in our products and services. Working with our dedicated bug hunter community, we awarded $10 million to our 600+ researchers based in 68 countries.”
The blog revealed that in a bid to aid their engagement with the top security researchers, Google also hosted their “yearly security conference ESCAL8 in Tokyo.” While sharing their “2023 Year in Review statistics across” all of the programs, Google also expressed gratitude towards all dedicated researchers. It stated, “We would like to give a special thank you to all of our dedicated researchers for their continued work with our programs – we look forward to more collaboration in the future!”
Continuing further, the blog post claimed that the $10 million bounty was distributed among 632 researchers across 68 nations. Without disclosing the specific recipient or the exact bug they unearthed, Google noted that while the collective sum was shared generously, the highest individual reward was $113,337.
Google also revealed that the researcher who found major flaws in Android bagged over $3.4 million, while the one who detected critical vulnerabilities was rewarded with $15,000. The blog added, “We awarded over $3.4 million in rewards to researchers who uncovered remarkable vulnerabilities within Android and increased our maximum reward amount to $15,000 for critical vulnerabilities.”
Google continued, “Working closely with top researchers at the ESCAL8 conference, we also hosted a live hacking event for Wear OS and Android Automotive OS which resulted in a $70,000 reward to researchers for finding over 20 critical vulnerabilities.
During its I/O conference, Google engaged with top hardware security researchers who discovered more than “50 vulnerabilities in Nest, Fitbit, and Wearables, and received a total of $116,000 last year!” It is also worth noting that a total of 359 unique security bugs in Chrome Browser were reported by researchers, which “resulted in $2.1M in rewards.”