Google recently released its review regarding its Vulnerability Reward Programs (VRP) in 2022.
And we have to admit that bug hunting can pay off big at Google.
$12 million in bounties for bug hunters
In a blog post, Google takes stock of the year 2022 regarding its bug hunting program ” Vulnerability Reward Programs “. In total, by working with security researchers throughout the past year, Google says it was able to identify (and fix!) More than 2,900 flaws.
The American giant announces that its VRP program continues to grow over the years, so much so that the year 2022 set a new record. ” In 2022, we awarded more than $12 million in bounty, with researchers donating more than $230,000 to the charity of their choice “says Google.
The bug that was worth $605,000!
The highest reward is to be credited to a chain of five bugs, identified by the user gzobqq, and which allowed him to glean the sum of… 605,000 dollars! It was this same gzobqq who identified another critical flaw in Android in 2021, pocketing a reward of $157,000.
In total, Google has paid out no less than $4.8 million in rewards under its VRP for Android. Some users have thus reported dozens of bugs to the American giant, Aman Pandey of Bugsmirror, even totaling more than 200.
The program dedicated to Chrome has also been a great success, with a total of 470 bugs reported and corrected, for 4 million dollars in cumulative rewards. Of that $4 million, $3.5 million was awarded for 363 security bugs identified in the Chrome browser, with the rest awarded for just over a hundred bugs discovered within ChromeOS.
In 2023, Google intends to continue the development of its VRP program. Those who wish to be part of the “bug hunters” team are invited to contact this address directly.
Source : Bleeding Computer
16