Google awards record $12 mn to 700 bug researchers, Indian leads


New Delhi, Feb 25 (IANS): Alphabet and Google CEO Sundar Pichai on Saturday said that the company awarded a record $12 million in bug bounties to more than 700 researchers in 2022, including the largest award in its bug bounty programme history.

The Android Vulnerability Reward Programme (VRP) had a record-breaking year in 2022 with $4.8 million in rewards and the highest paid report in Google VRP history of $605,000.

"Submitting an impressive 200+ vulnerabilities to the Android VRP, Aman Pandey of Bugsmirror remains one of our programme's top researchers," said Sarah Jacobus of Vulnerability Rewards Team at Google.

Since submitting their first report in 2019, Pandey reported more than 500 vulnerabilities to the programme.

The invite-only Android Chipset Security Reward Programme (ACSRP) awarded $486,000 in 2022 and received over 700 valid security reports.

Chrome VRP had another unparalleled year, receiving 470 valid and unique security bug reports, resulting in a total of $4 million of VRP rewards.

"Of the $4 million, $3.5 million was rewarded to researchers for 363 reports of security bugs in Chrome Browser and nearly $500,000 was rewarded for 110 reports of security bugs in ChromeOS," informed Jacobus.

In August 2022, the company launched open source software (OSS) VRP to reward vulnerabilities in Google's open source projects.

Since then, over 100 bug hunters have participated in the programme and were rewarded over $110,000, according to the company.

"We've awarded more than $250,000 in grants to over 170 security researchers," it added.

 

  

Top Stories


Leave a Comment

Title: Google awards record $12 mn to 700 bug researchers, Indian leads



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.