Alphabet and Google CEO Sundar Pichai on Saturday said that the company awarded a record $12 million in bug bounties to more than 700 researchers in 2022, including the largest award in its bug bounty programme history.
The Android Vulnerability Reward Programme (VRP) had a record-breaking year in 2022 with $4.8 million in rewards and the highest paid report in Google VRP history of $605,000.
“Submitting an impressive 200+ vulnerabilities to the Android VRP, Aman Pandey of Bugsmirror remains one of our programme’s top researchers,” said Sarah Jacobus of the Vulnerability Rewards Team at Google.
Since submitting their first report in 2019, Pandey has reported more than 500 vulnerabilities to the programme.
The invite-only Android Chipset Security Reward Programme (ACSRP) awarded $486,000 in 2022 and received over 700 valid security reports.
Chrome VRP had another unparalleled year, receiving 470 valid and unique security bug reports, resulting in a total of $4 million of VRP rewards.
“Of the $4 million, $3.5 million was rewarded to researchers for 363 reports of security bugs in Chrome Browser and nearly $500,000 was rewarded for 110 reports of security bugs in ChromeOS,” said Jacobus.
In August 2022, the company launched an open source software (OSS) VRP to reward vulnerabilities in Google’s open source projects.
Since then, over 100 bug hunters have participated in the programme and have been rewarded over $110,000, according to the company.
“We’ve awarded more than $250,000 in grants to over 170 security researchers,” it added.