Did you know Google Paid $12 Million in Bug Bounty Rewards to 660 Security Researchers in 2024
Google just shared more stats about its Vulnerability Reward Program (VRP) that rewarded 660 security researchers in 2024 with $12M in total.
The Android maker shed light on how the program was revamped to provide better incentives and improve the reward structure. It bumped rewards to a maximum of $151,515, while the Mobile VRP reached $300,000 for all crucial vulnerabilities in top-performing apps. The maximum reward hit $450K for reports of exceptional quality.
As for the Cloud VRP, it managed to raise the reward amount by nearly five times the figure seen in July, while Google’s Chrome shared how bug rewards were now exceeding $250K.
Google mentioned that in 2024 alone the rewards for MiraclePtr bypasses nearly doubled, to $250K from the $100K offered when the program was first rolled out.
It similarly launched kvmCTF, a new VRP rolled out in October of 2023. The aim was to strengthen the security of the KVM hypervisor, with $250K bounties offered for complete VM escape exploits.
The organization shared that it has awarded $65M in bug bounties since the program went live in 2010. The highest reward paid out in 2024 went above $110K. In 2024, the search engine giant gave out $3.4M to over 137 Chrome VRP researchers after it analyzed more than 137 reports related to valid security bugs across Chrome.
The biggest bug bounty for 2024 hit $100,115 after the program went live for most programs seen on Chrome. The organization also mentioned that it was able to pay more than $3.3M to researchers who reported security issues through the firm’s Android and Google Device Reward initiative as well as Google’s Mobile Vulnerability Reward Program.
This year, the company will celebrate the program reaching 15 years at Google. It said it remains committed to fostering greater collaboration, transparency, and innovation inside the community. Google vowed to keep upholding the best standard in this security domain.
In a recent blog post on the topic, Google said the main aim is to stay ahead of the game as emerging threats continue to rock the tech world. The company wants to embrace modern technologies and keep strengthening its security posture across all products and services.
A year earlier, Google shared that it had awarded nearly $10M to up to 632 researchers for finding and responsibly reporting any kind of major flaws across its offerings.