Google’s Vulnerability Reward Program Sees The Company Dish Out $10 Million In 2023!

By TD NewsDesk

Updated on Fri, Mar 15, 2024

While most companies engage in alpha testing and beta testing to find bugs before rolling out a software product or application to the general public, it’s not uncommon for bugs to escape those phases.

What’s uncommon, though, is how Google and its parent company Alphabet handle bugs. The company offers users rewards for finding and reporting bugs across its various products and platforms, with the reward based on the severity of the bug found.

The idea is to keep “Google products and the Internet safe and secure,” according to the company’s website dedicated to the cause.

Now, Google, which shares “the latest news and insights from Google on security and safety on the Internet,” has put out a release that reviews the Vulnerability Reward Program for 2023.

So, what did Google reveal about its bug bounty program? Let’s explore!
 

What Did Google Report About Its 2023 Vulnerability Reward Program?

 
  • In a report released by Google through Sarah Jacobus of the Vulnerability Rewards Team at Google, the company revealed that in 2023 it awarded a total of $10 million to bug hunters, which included 632 researchers based in 68 countries.

  • The highest reward for 2023 was $113,337. Google did not reveal details about the recipient.

  • However, the company did thank two individuals, saying, “A huge thank you to the researchers who made our program such a success. A special shout out to Zinuo Han (@ele7enxxh) of OPPO Amber Security Lab and Yu-Cheng Lin (@AndroBugs) for your hard work and continuing to be some of the top researchers contributing to Android VRPs!”

  • Furthermore, the release mentioned the changes and improvements that were made to Google’s Vulnerability Reward Programs.

  • These included periodically offering time-limited, extra rewards for reports to specific VRP targets, the expansion of its exploit reward program to Chrome and Cloud, launching its Mobile VRP which focuses on first-party Android applications, its new Bug Hunters Blog and others.

  • The services in scope include any Google-owned or Alphabet subsidiary web service that handles reasonably sensitive user data, covering Google.com, youtube.com, blogger.com, verily.com, onduo.com, projectbaseline.com, signalpath.com, deepmind.com, granularinsurance.com and waymo.com.

  • Google’s Bug Hunters consists of “a small team of friendly Google security engineers from around the world. All reports come to us, and we personally review each and every one.”

  • In terms of products, Android and Google Device rewards totaled over $3.4 million for Android bugs, and the maximum reward amount for critical vulnerabilities was increased to $15,000. Bugs in Wear OS and Android Auto resulted in $70,000 in rewards, while vulnerabilities in Chrome reached 359 unique reports for $2.1 million.

  • The company has been running this program since 2010, with rewards totaling over $59 million.

  • Over the years, the amount doled out has been steadily increasing, with the highest touching $12 million in 2022, distributed across 703 paid researchers and 68 countries, and the record highest individual reward at $605,000.


TechDogs-"A Screenshot Of The Details Of Google's 2023 Vulnerability Reward Program"  

What Did Google Say About Its Future Plans Regarding Safety?

 
  • Within the same blog, Google outlined its future plans, saying, “We remain committed to fostering collaboration, innovation, and transparency with the security community. Our ongoing mission is to stay ahead of emerging threats, adapt to evolving technologies, and continue to strengthen the security posture of Google’s products and services.”

  • [Contd.] “We look forward to continuing to drive greater advancements in the world of cybersecurity. A huge thank you to our bug hunter community for helping to make Google products and platforms more safe and secure for our users around the world!”


TechDogs-"A Screenshot Of The Total Rewards Of Google's Vulnerability Reward Program Over The Years"
Users can learn how to report bugs to Google by visiting their Bug Hunters website.

Do you think other software companies should adopt similar programs to get users to report critical issues before they become problematic and costly?

Let us know in the comments below!

First published on Fri, Mar 15, 2024
