Google Paid $10 Million As Vulnerability Rewards For Security Loopholes In Its Products Last Year

As software gets more complex with time, we’re likely to witness it featuring serious loopholes regarding its safety.

This is why leading tech giants of the world have accepted that and decided to provide hackers as well as security researchers the chance to find incentives and report issues.

This is where Google's VRP or vulnerability rewards program comes into play. In 2023 alone, we saw the Android maker roll out close to $10 million as a bounty to researchers who found loopholes and reported the issue to the firm from all over the globe.

As far as the company’s own Android app and devices are concerned, it generated bounties worth $3.4 million. As far as vulnerabilities for serious issues, it managed to roll out $15k in that domain.

Moreover, the firm also mentioned how it was including its Wear OS in this program allowing security experts to highlight bugs and deficiencies in security through its wearable app.

We’re also seeing Google mention how it is now increasing the fees for reports having greater quality as that allows researchers to shift focus on issues of greater or more complex severity.

This is also one of the big reasons why the organization paid less in figures in 2023 when compared to the year before that.

Android is not the only huge project of Google, we must remember. We’ve got researchers arising from Chrome who managed to generate a staggering $2 million for reporting close to 359 errors.

Those included long-standing issues featuring V8 encoding which slipped through without anyone noticing at the start.

Google was similarly busy with security enhancements on this browser such as launching rollouts that stop a lot of memory safety bugs coming into play.

Meanwhile, experts are speaking about one logical inclusion to Google’s VRP that arose in 2023, which was the domain of Generative AI. Google rolled out live hacking programs that targeted big language models and that’s when we saw researchers working hard to include prompts that make Bard spill over secrets that perhaps it was never supposed to do in the first place.

Other than this, some other leading prominent endeavors to come into play by the search engine giant included its Hacking Google Bard initiative and the ‘We Hacked Google AI’ that stood at $50k.

Throughout 2023, we saw a massive sum that spanned several other leading projects out there today. Remember, the world of AI and digital tools continues to evolve as we speak.

Therefore, Google does not see this rewards program for detecting vulnerabilities ending anytime soon.

For future prospects, we can see how the firm wishes to be far ahead of the curve than where it stands today. This happens to be linked to its respective security programs. Remember, the fact that there are so many changes to the initiative in 2023 means we could see similar changes with better developments come into play as soon as 2024 passes on.


Image: DIW-AIgen

Read next: Midjourney 6 AI Image Generator Rolls Out New And Innovative Character Reference Feature
Previous Post Next Post