Google paid $10m in bug bounties in 2023, after security researchers identified hundreds of vulnerabilities across its services.
More than 600 white hat hackers across 68 countries were rewarded by the tech giant for finding flaws in its systems. The highest single payment awarded was $113,337.
This represents a reduction from the $12m that was paid out to the bug bounty community in 2022.
In total, Google has paid $59m in rewards to researchers for finding vulnerabilities in its systems since 2010.
Bug bounty programs have become an important component of vulnerability management in large organizations in recent years.
These programs apply a crowdsourced concept, in which individual white hat hackers across the globe are invited to find and report vulnerabilities before they’re exploited by malicious cyber actors.
Vulnerability Breakdown Across Google Programs
Google awarded over $3.4m in rewards to researchers who uncovered “outstanding” vulnerabilities within Android, as the firm increased its focus on securing this ecosystem.
It increased the maximum reward amount for critical vulnerabilities to $15,000, which led to a greater focus on higher-severity issues, Google noted.
Wear OS, a version of Google’s Android operating system designed for smartwatches and other wearables, was added to the bug bounty program in 2023 to “further incentivize research in new wearable technology to ensure users’ safety.”
Google described 2023 as a “year of changes and experimentation” for its Chrome Vulnerability Rewards Program (VRP), in which $2.1m was paid out for 359 unique reports of Chrome Browser security bugs.
This included the launch of a reward program for its MiraclePtr security protection measure to incentivize research into discovering potential bypasses for the tool.
Additionally, the tech giant launched the Full Chain Exploit Bonus, which offered triple the standard full reward amount for the first Chrome full-chain exploit reported and double the standard full reward amount for any follow-up reports.
However, both of these incentives have so far remained unclaimed.
Boosting AI Bug Bounty Programs
The firm highlighted a bugSWAT live-hacking event that took place last year, designed to uncover vulnerabilities in its large language model (LLM) products, such as Gemini.
This resulted in more than $87,000 in payments from 35 reports.
Google published its reward criteria for reporting bugs in AI products in October 2023, as part of its commitment to enhance the protection of AI systems.