🧊 Google to Pay Out $12 Million in Bug Bounties in 2024

[chushpan]

Google’s vulnerability bounty program paid out $11.8 million to the security research community last year to make the company and its products more secure.

According to Google, a total of 660 security researchers received a bounty for reporting their findings to the company. The largest bounty for a single vulnerability was over $110,000. On average, Google paid almost $18,000 to each participant.

🗞 The tech company has made some changes to the reward structure of its Vulnerability Reward Program. The maximum reward for a single vulnerability has increased from $151,515 to $300,000. This money is intended for developers who report critical vulnerabilities in high-level applications.

Google has received 337 Chrome security bug reports and awarded 137 researchers a total of $3.4 million. The largest reward in this category was $100,115, which was received by a security researcher for reporting a MiraclePtr bypass after MiraclePtr was initially enabled in Chrome on most platforms in 2023.

The Android and Google Devices Security Bounty Program and the Google Mobile Vulnerability Bounty Program, part of the Google Bug Hunters program, have awarded more than $3.3 million to researchers who found critical vulnerabilities in Android and Google mobile apps.