Google has announced that it paid out $10 million as part of its bug bounty program in 2023, making it the program's second-biggest year ever and bringing its total rewards since 2010 to $59 million.
Last year, the company’s $10 million was directed to a total of 632 researchers across 68 countries, with the highest payout coming in at a life-changing $113,337, as Google looked back on its commitment to cybersecurity.
The annual initiative, part of Google’s Vulnerability Reward Program (VRP), aims to identify and address vulnerabilities in the company’s products and services by collaborating with the global bug hunter community, making the move a win-win for both teams.
Google just had its second-biggest year for bug bounties
The 2023 program saw several enhancements and changes, including the introduction of the Bonus Awards program, offering time-limited extra rewards for reports to specific VRP targets. The program was also expanded to Chrome and Cloud, with mobile users benefitting from the launch of Mobile VRP, an initiative that focuses on first-party Android apps.
Around one-third ($3.4 million) of the company’s 2023 payout went to the discovery of bugs affecting Android apps and other Google Device flaws, while a total of 359 unique reports addressed Chrome bugs.
Another category expected to experience significant growth over the coming years is AI, with the California company publishing specific guidance for AI-related bugs and hosting an LLM-specific event.
A statement in the announcement reads: “Our ongoing mission is to stay ahead of emerging threats, adapt to evolving technologies, and continue to strengthen the security posture of Google’s products and services.”
Google also thanked the developer and bug hunter communities for their ongoing work, highlighting some key discoveries of 2023.