It’s no secret that last year was full of data breaches and cyber attacks, with numerous companies falling victim to malicious actors. However, Google’s vulnerability reward program prevented a potentially worse scenario, as the company paid out a record-breaking $12 million for over 2,900 security vulnerabilities reported.
As the name suggests, the vulnerability program is a way for Google to discover software vulnerabilities in their system and give cash rewards to the security researchers in return. The cash incentives encourage researchers to report these vulnerabilities directly to Google instead of exploiting them, which ultimately helps to prevent any harm to Google’s systems and its users.
Among the payouts, the Android Vulnerability Program had the highest payout ever of $605,000 for a single report, followed by the Android Chipset Security Reward Program, with $468,000 for more than 700 reports. Google’s Chrome Vulnerability Reward Program had an outstanding year, with almost 500 vulnerabilities reported and over $4 million paid in rewards. Late last year, the company also launched the Open Source Software Vulnerability Rewards Program, which had over 100 reports, and paid almost $100,000 in rewards.
New categories this year
In an ongoing effort to enhance security, Google is introducing new categories to its vulnerability program. While one of the categories will incentivize researchers to investigate vulnerabilities in the latest versions of Google Nest and Fitbit devices, the other will encourage research into memory corruption bugs targeting highly privileged processes, including the GPU and network processes.
With the rise in cybersecurity attacks, it has become more important than ever for companies to take proactive measures to ensure the security of their software, and Google recognizes the importance of addressing this issue. To achieve this, the company has collaborated with renowned security researchers worldwide, including LiveOverflow, PwnFunction, stacksmashing, InsiderPhD, and PinkDraconian, to develop instructional videos and guides aimed at educating young talents about bug hunting.