Google paid $10 million to bug hunters in 2023, $2 million less than the previous year

Every year, Google has been rewarding the bug hunter community for identifying vulnerabilities and exploits in its products, primarily Chrome and Android. In Google’s 2023 Bug Bounty program, the amount stood at $10M, taking the total rewards since 2010 to $59M.

In the official blog post, Google highlights that 359 unique security bugs were reported in its native browser, Chrome, and $2.1M was paid out to the hunters. For Android, Google gave out $3.4M in bug bounty but didn’t disclose the number of vulnerabilities.

In the wearables domain (Nest, Fitbit and others), the tech giant paid $116,000. And for GenerativeAI, the total bounty was $87,000.

The highest reward for the year stood at $113,337, but there’s no official confirmation about who it went to. In the blog, Google thanked two researchers, Zinuo Han and Yu-Cheng Lin, for their contribution to the bug-hunting program.

Bounty falls in comparison to 2022

Though the $10 million bounty is a significant amount, it’s $2M less than the $12M Google paid out the bug hunters in 2022. The Mountain View-based tech giant didn’t reveal a reason for the drop. However, it looks like fewer vulnerabilities were reported in 2023.

Looking at the last decade, the bug bounty has increased yearly since 2015, except for a tiny $0.1M drop in 2017.

Another interesting fact is that, while in 2022, the highest rewards stood at $605,000, it fell to $113,337 in 2023, an 81.27% drop.

Other tech giants, too, offer such rewards. Interested bug hunters stand a chance to win $20,000 with Microsoft’s bounty program for identifying vulnerabilities and exploits in its products.

What’s your take on Google’s bug bounty report for 2023? Share with our readers in the comments section.