Security researchers are keeping Android and Chrome safe with their vulnerability disclosures

As Google detailed earlier this week, it's constantly trying to improve security on Android and other products. While the company has a talented team of developers working towards this goal, bugs and vulnerabilities inevitably slip through the cracks. That's where the company's Vulnerability Rewards Programs (VRPs) come in, with the company paying out bounties to security researchers who responsibly disclose issues in Google products. 2022 has been the programs' most successful year yet, with Google paying out over $12 million across Android, Chrome, and more.

In 2022, Google paid out $4.8 million to security researchers who found vulnerabilities in Android, including the highest-paid single report in the history of the program at $605,000. The Chrome program is equally impressive with a total of $4 million, the majority of which went to Chrome researchers and about $500,000 to those who found issues in ChromeOS. The rest of the money was paid out across the company's other programs, including Google Play and the company's new Open Source VRP, which offers rewards to those who find issues in Google's open source projects.

Source: Google

Compared to 2021, last year represents an increase, with the company going from $8.7 million to $12 million in payouts. In part, that's because the company offers further incentives and has added more qualifying devices to its list, like Fitbit and Google Nest devices. The addition of its Open Source program, mentioned earlier, surely also helped.

This year, in 2023, the company wants to offer more experiments within the Chrome program. There are supposed to be bonus opportunities and other experiments for those who find bugs and vulnerabilities in Chrome and ChromeOS. The company also added more than 20 instructional videos for researchers who want to disclose issues, making the process easier than it was before.

Even if $12 million might seem like a big number, it's peanuts compared to Google's 2022 revenue of about $280 billion. The investment makes a lot of sense for the company, as actively exploited vulnerabilities pose a much greater risk to its bottom line than any such rewards program ever could.
