In 2022 alone, Google paid out over $12 million in bounties and researchers donated more than $230,000 to their preferred charity.
For websites owned by Google and Alphabet companies, a Vulnerability Reward Program has been in place since November 2010, and throughout 2022, Google worked with security experts to identify and resolve over 2,900 security issues.
The Android VRP had a record year in 2022, with $4.8 million in rewards and the highest-paid report earning $605,000, setting a new Google VRP record. The Android Chipset Security Reward Program (ACSRP) rewarded $486,000 and received more than 700 security reports. The Chrome VRP gave out $4 million in rewards, with researchers getting $3.5 million for reporting 363 security flaws in the Chrome browser and almost $500,000 for reporting 110 flaws in Chrome OS.
Google also introduced the OSS VRP in 2022 to reward vulnerabilities found in its open-source projects. Over 100 bug hunters took part in the program and got more than $110,000 in rewards. In addition, Google enhanced the learning opportunities for bug hunters at its Bug Hunter University (BHU) by expanding its scope and availability and making more than 20 instructional videos available.
Overall, Google's ongoing commitment to improving cybersecurity through its various reward programs is commendable and serves as an example for other organizations to follow.
Because the program has been around for quite a while, its performance over the past year can be compared with earlier data. In 2021, only $8.7 million was paid, which seems insignificant compared to the current $12 million.
The increase in payments can be attributed to additional incentives that the company offers and more suitable devices being added to its list, including Fitbit and Google Nest devices. Furthermore, adding open source products to the program has certainly affected the payments.
In the current year, the company plans to offer more experiments within the Chrome program, providing bonus features and other experiments for those who find bugs and vulnerabilities. The company has also added over 20 training videos for researchers looking to uncover problems, making the process easier than before. However, this also means that there will be a significantly higher level of competition in this area.
Google's revenue of about $280 billion in 2022 puts the $12 million it pays developers in perspective. This investment is essential for the company since actively exploited vulnerabilities pose a much greater risk to its profits. One data leak is all it takes for billions of dollars to be lost on the stock price alone, and if users lose their data due to malicious applications or problems with Chrome, the case may go to court, causing great harm to the company.
To protect themselves, many IT giants like Apple, Google, and Microsoft constantly hire third-party hackers for good money. Although the company can protect itself from internal threats, the efforts made to improve the quality of the product are invaluable.