Google awarded $10 million in bug bounties final 12 months, the second highest in this system’s historical past
[ad_1]
Briefly: Google has introduced that it awarded an enormous $10 million final 12 months in bug bounty rewards, the second-largest quantity this system has ever paid out. The best single award in 2023 was a formidable $113,337.
Google says that the $10 million it paid out through its Vulnerability Reward Program went to 632 researchers from 68 international locations who found and reported vulnerabilities within the firm’s merchandise.
Final 12 months’s whole was barely decrease than the report $12 million Google paid out in bug bounty rewards throughout 2022, nevertheless it’s nonetheless the second-largest quantity ever. Because the program launched in 2010, it has earned researchers a complete of $59 million.
For its Android OS, Google handed over $3.4 million in rewards to researchers who uncovered vulnerabilities within the cell working system. Google additionally elevated its most reward quantity for Android-related discoveries to $15,000, serving to incentivize reporting.
Final 12 months noticed Put on OS added to the bug bounty program within the hope that it’s going to encourage extra researchers to search for vulnerabilities in wearable know-how that would put customers in danger.
Google highlighted some safety conferences the place a number of points had been uncovered. It hosted a reside hacking occasion for Put on OS and Android Automotive OS on the ESCAL8 convention, which noticed researchers awarded $70,000 for locating over 20 important vulnerabilities. It additionally spotlighted the hardwear.io safety conferences, the place {hardware} safety researchers uncovered over 50 vulnerabilities in Nest, Fitbit, and Wearables, incomes them a complete of $116,000 final 12 months.
Google added generative AI to its Vulnerability Reward Program in 2023. It ran a bugSWAT live-hacking occasion focusing on LLM merchandise that resulted in 35 experiences and greater than $87,000 being paid out. It additionally uncovered points like Hacking Google Bard – From Prompt Injection to Data Exfiltration and We Hacked Google A.I. for $50,000.
Elsewhere, one Chrome researcher grabbed a $30,000 reward for reporting a V8 JIT optimization bug that had been within the browser since at the very least M91, which acquired a secure launch in Might 2021.
[ad_2]
Source
