Google announced that it has paid out $10 million as part of its bug bounty program in 2023, its second-largest year ever, bringing the total reward amount since 2010 to $59 million.
Last year, the company’s $10 million went to a total of 632 researchers in 68 countries, with the highest payout being a life-changing $113,337, as Google reflected on its commitment to cybersecurity.
The annual initiative, part of Google’s Vulnerability Reward Program (VRP), aims to identify and address vulnerabilities in the company’s products and services by working with the global community of bug hunters, making this move a win-win situation will be for both teams.
Google just completed its second-biggest year in bug bounties
The 2023 program saw several enhancements and changes, including the introduction of the Bonus Awards program, which provides time-limited additional rewards for reporting on specific VRP goals. The program was also expanded to Chrome and Cloud, with mobile users also benefiting from the launch of Mobile VRP, an initiative focused on first-party Android apps.
About a third ($3.4 million) of the company’s 2023 payout went to discovering bugs in Android apps and other flaws in Google devices, while a total of 359 unique reports focused on Chrome bugs.
Another category expected to see significant growth in the coming years is AI, with the Californian company publishing specific guidelines for AI-related bugs and hosting an LLM-specific event.
A statement in the announcement states: “Our ongoing mission is to stay ahead of emerging threats, adapt to evolving technologies, and continue to strengthen the security posture of Google’s products and services.”
Google also thanked the developer and bug hunter communities for their continued work, highlighting some key discoveries of 2023.