- Google Bug Bounties See 660 Researchers obtain an action of $ 11.8 million in 2024
- The Chrome and Android VRP were lucrative
- The Google VRP program turns 15 next year
Google has revealed that he paid $ 11.8 million in error rewards in 2024, with payments that leave 660 security researchers, which is equivalent to a theoretical average of around $ 18,000 each.
Its highest payment in 2024 was $ 110,000, with its total payment to date now at $ 65 million since 2010.
Chrome researchers and those who revealed vulnerabilities in Android and other Google devices represented about half of the 2024 payments, marking the company’s commitment to security within its most popular devices.
Google paid $ 12 million in error rewards last year
Some changes in the structures last year resulted in the highest payment potentials, with the Google VRP now paying up to $ 151,515, $ 300,000 for the mobile VRP, $ 151,515 for the VRP in the cloud and $ 250,000 for the Chrome awards.
In a blog post, Dirk Göhmann de Google said that the researchers who contribute to the Android and Google Devices security reward program and the Google mobile vulnerability reward program obtained more than $ 3.3 million in rewards in 2024, and added that 8% less reports were recorded. However, the company saw an increase less than 2% in critical and high vulnerabilities.
A total of 337 unique reports were made to VRP Chrome: 137 received rewards for a total of additional $ 3.4 million.
Google also celebrated the launch of a new category: 2024 was its first full year of AI error rewards, but payments remained relatively low, to $ 55,000.
Other successes include two Bugswat events and four Init.G workshops to support the next generation of security researchers.
Looking towards the future, Göhmann said the company will celebrate 15 years of VRP in 2025; It is not clear if changes will be made in its VRP to commemorate this milestone.
Göhmann added: “We want to send a great thanks to our error hunter community for helping us to make Google’s products and platforms safer for our users worldwide, and invite researchers who are not yet committed to the vulnerability rewards program to join us in our mission of keeping Google safe!”
