Google paid $12 million in bug bounties to safety researchers

Posted on By No Comments on Google paid $12 million in bug bounties to safety researchers
Technology

[ad_1]

Google paid $12 million in bug bounties to security researchers

Google final 12 months paid its highest bug bounty ever by way of the Vulnerability Reward Program for a crucial exploit chain report that the corporate valued at $605,000.

In complete, Google spent over $12 million for greater than 2,900 vulnerabilities in its merchandise found and reported by safety researchers.

Google in 2022 paid $12 million in bounties through its Vulnerability Reward Programs
Complete of Google bug rewards leap to $12 million in 2022
supply: Google

Android bug bounties

Google published the statistics for the Vulnerability Reward Applications (VRPs) in 2022, offering an summary of how the safety analysis group contributed to creating the corporate merchandise safer.

The largest payout was for a report detailing an exploit chain of 5 bugs (CVE-2022-20427, CVE-2022-20428, CVE-2022-20454, CVE-2022-20459, CVE-2022-20460) in Android submitted by gzobqq, which was rewarded with $605,000.

In 2021, the identical researcher found and reported one other crucial exploit chain in Android and obtained $157,000 – the best bug bounty in Android VRP historical past on the time.

Sometimes, the bounty for Android vulnerabilities submitted by way of Google VRP is as much as $10,000 however for exploit chains, the corporate pays as a lot as $1 million.

In 2022, Google paid $4.8 million in rewards for lots of of Android bugs. The highest researchers that reported many of the vulnerabilities are:

Google additionally awarded $486,000 final 12 months for 700 safety reviews by way of the invite-only Android Chipset Safety Reward Program (ACSRP) – a non-public reward program that Google affords in collaboration with Android chipset makers.

Chrome and OSS rewards

The corporate additionally paid a complete of $4 million in 2022 for 363 vulnerabilities in Chrome Browser and 110 safety points in ChromeOS.

Google introduced that this 12 months Chrome VRP will begin experimenting and will supply bonus alternatives for safety points reported within the browser and ChromeOS.

The rewards program for open-source products that Google launched in August 2022 awarded greater than 100 bug hunters with over $110,000.

Aside from bounties paid to researchers, Google additionally awarded greater than $250,000 in grants to greater than 170 researchers. These funds are for people that keep watch over Google services and products, even when they don’t discover any vulnerabilities.

In 2022, Google paid 703 researchers for the reviews submitted by way of the Vulnerability Rewards Applications and was a sponsor for the NahamCon and BountyCon security-related conferences.

[ad_2]

Source_link

You may also like

Technology
Hyundai and Kia pressured to replace software program on hundreds of thousands of autos due to viral TikTok problem
February 14, 2023
Technology
BMW, Hyundai, GM, and Mercedes received’t but be a part of Tesla’s EV value battle
February 1, 2023
Technology
Unique: these are the brand new Sonos Period audio system
February 21, 2023
Technology
My Password Supervisor was Hacked! How you can Forestall a Disaster
February 16, 2023

Leave a Reply

Your email address will not be published. Required fields are marked *