
Google’s Bug Bounty Program rewards white hat hackers

By Selin Atay
Mar 14, 2024 4:35 PM

The search giant reveals its hefty tally of awards to 632 bug-hunting researchers across 68 countries

In 2023, Google’s bug bounty program paid out a total of $10 million to security researchers and white hat hackers globally, marking a slight decrease from the previous year’s payout.

The program, known as Google’s Bug Bounty Program, encourages cybersecurity experts to identify and report vulnerabilities in various Google services and projects including Chrome, Android, Google Play, and the company’s open-source software. Through this initiative, Google aims to enhance the security of its digital ecosystem by addressing potential weaknesses before they can be exploited by malicious actors.

“Just like all major tech firms, Google’s bounty program rewards researchers who not only report bugs but also help the company fix any major security lapses,” a spokesperson from Google emphasized.

Global collaboration in cybersecurity

According to a blog post released by Google on Tuesday, the tech giant disbursed the $10 million bounty to over 600 researchers hailing from 68 different countries.

This underscores the global nature of the company’s efforts to fortify its digital ecosystem against potential threats.

“Last year, we again witnessed the power of community-driven security efforts as researchers from around the world contributed to help us identify and address thousands of vulnerabilities in our products and services,” Google stated, highlighting the collaborative nature of their cybersecurity initiatives.

Despite the slight dip in the total bounty payout compared to the previous year, experts recognize the significant contributions made by the global community of researchers. For context, in 2023, Yandex, a Russian tech company, paid researchers $770 thousand under its “Bug Hunt” bounty program.

Rewards and recognition

The highest reward granted for vulnerability reports within Google’s services in 2023 amounted to $113,337. The recipient’s identity remains undisclosed, leaving a mystery around which specific bug or bugs were uncovered.

However, the company did single out and thank two individuals, Zinuo Han (@ele7enxxh) of OPPO Amber Security Lab and Yu-Cheng Lin (林禹成) (@AndroBugs), as being among the top bug hunters reporting Android flaws.

In 2023, Google allocated over $3.4 million for vulnerabilities discovered in Android, while the Chrome browser, another major Google project, received significant attention from white hat hackers. A total of 359 security bug reports were submitted for Chrome, resulting in payouts totaling $2.1 million.

Notably, one individual received a $30,000 reward for uncovering a persistent bug in the V8 JavaScript engine’s Just-In-Time (JIT) compiler.

Additionally, substantial payouts were made in response to vulnerability reports in Google’s cloud AI products such as Google Cloud and the Google Gemini chatbot (Bard).

“We would like to give a special thank you to all of our dedicated researchers for their continued work with our programs – we look forward to more collaboration in the future!” Google expressed its gratitude toward the researchers contributing to its bug bounty program.

With cybersecurity threats evolving rapidly, the collaboration between tech companies and the global cybersecurity community remains crucial in safeguarding digital infrastructures against potential vulnerabilities and attacks.

Source: Newsroom


Last Updated: May 28, 2024 6:34 PM