Google this week said it handed out a record $8.7 million in bug bounty payouts in 2021 as part of its Vulnerability Reward Programs (VRPs). A total of 696 researchers from 62 countries received bug bounties.
The highest reward paid last year was $157,000, for a security issue in Android. The Internet giant awarded roughly $3 million in bounty rewards to researchers reporting bugs in the Android platform, but says that the $1.5 million reward it offers for Pixel’s Titan-M security chip flaws remains unclaimed.
As part of the Android Chipset Security Reward Program (ACSRP), which Google runs in collaboration with makers of other popular Android chipsets, a total of $296,000 was paid out, for more than 220 valid and unique security reports.
The company also rewarded 333 reports for unique security errors in Chrome, for a total of $3.3 million in VRP rewards: $3.1 million for vulnerabilities in the Chrome browser and $250,500 for Chrome OS issues. A total of 115 researchers were rewarded for their efforts, Google says.
Furthermore, $550,000 in bug bounty payouts was handed to more than 60 security researchers for Google Play vulnerabilities.
Over the past three months, as part of its VRP for the open-source Kubernetes-based Capture-the-Flag (CTF) project called kCTF – which targets security holes in critical open-source dependencies of Google Kubernetes Engine (GKE) – the company paid $175,685 in bounty rewards.
Last year, Google also paid $313,337 in prizes to researchers participating in its 2020 edition of the Google Cloud Platform VRP Prize.
Also in 2021, the company awarded more than $200,000 in grants to roughly 120 security researchers worldwide, as part of its experimental Vulnerability Research Grant program, which is meant to help bug hunters take “a detailed and extensive look into the security of Google products and services.”
Also in 2021, Google announced the launch of its new Bug Hunters portal at bughunters.google.com, which brings together all of the company’s VRPs (Google, Android, Abuse, Chrome, and Google Play), to streamline bug submissions. It also includes dedicated content to help researchers improve their skills.