"Google Delivers Record-Breaking $12M in Bug Bounties"

Last year, Google addressed more than 2,900 security vulnerabilities in its products and platforms, awarding more than $12 million in bug bounty rewards to researchers in a record-breaking cash storm. In 2021, $8.5 million in rewards was paid. According to Google's annual "Vulnerability Reward Program" (VRP) report, several VRP segments saw record highs in 2022, including the Android ecosystem, which doled out a cool $4.8 million to bug hunters. That total included the highest paid bounty in Google VRP history ($605,000) for a critical-rated exploit chain submitted by a white-hat known as "gzobqq." Google noted that the invite-only Android Chipset Security Reward Program (ACSRP), which is run in tandem with manufacturers of Android chipsets, awarded $486,000 in collective bounties in 2022 across 700 valid security reports. Over at the Chrome VRP, $4 million was paid across approximately 470 valid security bug reports. Of that, $3.5 million was rewarded to researchers for 363 reports of security bugs in the Chrome Browser, and nearly $500,000 was rewarded for 110 reports of security bugs in ChromeOS. The company's relatively new open source software (OSS) VRP, launched last August to cover supply chain issues in Google packages, released more than $110,000 in rewards to its roughly 100 participating bug hunters. Sarah Jacobus, technical program manager at the Vulnerability Rewards Team, stated that more opportunities are coming for Google's bug hunters, including an expansion of the Android and Google Devices VRPs to bring the latest versions of Google Nest and Fitbit into scope. Jacobus also noted that 2023 will be the year of experimentation in the Chrome VRP. Jacobus also stated that the Google Play Security Reward Program (GPSRP) will look to expand its stable of bug hunters throughout this year and plans to sponsor various bounty events focused on Android and Google Play apps to attract new talent.

 

Dark Reading reports: "Google Delivers Record-Breaking $12M in Bug Bounties"
