Google awards record $12 mn to 700 bug researchers, Indian leads


Alphabet and Google CEO Sundar Pichai on Saturday said that the company awarded a record $12 million in bug bounties to more than 700 researchers in 2022, including the largest award in its bug bounty program history.

The Android Vulnerability Reward Programme (VRP) had a record-breaking year in 2022 with $4.8 million in rewards and the highest-paid report in Google VRP history of $605,000.

“Submitting an impressive 200+ vulnerabilities to the Android VRP, Aman Pandey of Bugsmirror remains one of our program’s top researchers,” said Sarah Jacobus of the Vulnerability Rewards Team at Google.

Since submitting its first report in 2019, Pandey reported more than 500 vulnerabilities in the program.

The invite-only Android Chipset Security Reward Programme (ACSRP) was awarded $486,000 in 2022 and received over 700 valid security reports.

Chrome VRP had another unparalleled year, receiving 470 valid and unique security bug reports, resulting in a total of $4 million of VRP rewards.

“Of the $4 million, $3.5 million was rewarded to researchers for 363 reports of security bugs in Chrome Browser and nearly $500,000 was rewarded for 110 reports of security bugs in ChromeOS,” informed Jacobus.

In August 2022, the company launched open-source software (OSS) VRP to reward vulnerabilities in Google’s open-source projects.

Since then, over 100 bug hunters have participated in the program and were rewarded over $110,000, according to the company.

“We’ve awarded more than $250,000 in grants to over 170 security researchers,” it added.

Related posts