March 12, 2024 at 02:04PM
Google announced a $10 million payout in 2023 for its bug bounty programs, totaling $59 million since 2010. 632 researchers from 68 countries earned rewards, with the highest single payout at $113,337. $3.4 million was awarded for Android vulnerabilities, with increased maximum rewards. Google’s bug bounty payouts are comparable to Microsoft’s $63 million since 2013.
From the meeting notes, the key takeaways are:
– Google paid out a total of $10 million through its bug bounty programs in 2023, bringing the total amount awarded since 2010 to $59 million.
– The total paid out in 2023 is less than 2022 but still significant, with the money earned by 632 researchers from 68 countries.
– The highest single reward was $113,337, and $3.4 million was awarded to researchers who found vulnerabilities in the Android operating system.
– Google highlighted two conferences, ESCAL8 and Hardwear.io, where significant amounts were earned by researchers for finding vulnerabilities in various products.
– A live-hacking event focusing on generative AI resulted in participants earning more than $87,000 for 35 exploits.
In addition, Google’s total bug bounty payouts are comparable to Microsoft’s, which reported a total of $63 million since the launch of its first bug bounty program a decade ago.