Security News > 2024 > March > Poking holes in Google tech bagged bug hunters $10M

Google awarded $10 million to 632 bug hunters last year through its vulnerability reward programs.

Google's 2023 highlights include newer reward categories, including finding flaws in its AI products and Android phone apps, plus a brand-new Bonus Awards program that periodically pays out time-limited, extra rewards for specific vulnerability targets.

Google also added Wear OS to the bounty program to encourage bug hunters to poke around in its smartwatches and other wearable tech.

In a live hack-a-thon for Wear OS and Android Automotive OS, bug bounty recipients received $70,000 for finding more than 20 critical vulnerabilities.

Last year, the Android juggernaut ran a bugSWAT live-hacking event targeting LLM products that produced 35 reports, totaling more than $87,000 rewards.

Jacobus describes 2023 as "a year of changes and experimentation" for Google's Chrome VRP, which awarded $2.1 million to bug hunters who spotted 359 unique Chrome vulnerabilities in 2023.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/03/13/google_2023_bug_bounties/