Google has announced the results of the bounty program for identifying vulnerabilities in Chrome, Android, Google Play apps, Google products and various open source software. Total awards paid out in 2022 were $12 million, up $3.3 million from 2021. Over the past 8 years, the total amount of payments amounted to more than 42 million dollars. 703 researchers received awards. In the course of the work carried out, more than 2900 security problems were identified and eliminated.
Of the amount spent in 2022, $4.8 million was paid for Android vulnerabilities, $3.5 million for Chrome, $500 for Chrome OS, and $110 for open source vulnerabilities. An additional $230 has been allocated to security researchers in the form of grants. The largest payout was $605, which was received by researcher gzobqq for creating an exploit for the Android platform covering 5 new vulnerabilities. The most active researcher is Aman Pandey from Bugsmirror, who has identified more than 200 vulnerabilities in Android in a year, Zinuo Han from OPPO Amber Security Lab is in second place, who has identified 150 vulnerabilities, and Yu-Cheng Lin is in third place, reporting almost 100 problems.
Source: opennet.ru