Google has announced the results of its bounty program for identifying vulnerabilities in Chrome, Android, Google Play apps, Google products, and various open source software. The total amount of awards paid in 2023 was $10 million, which is 2 million less than in 2022 and 1.3 million more than in 2021. 632 researchers received awards (last year - 703). Since 2010, the total amount of payments has amounted to $59 million.
Of the amount spent in 2023, $3.4 million (last year $4.8 million) was paid for vulnerabilities in Android. For information about vulnerabilities in the Chrome browser, 359 awards were paid for a total of $2.1 million (last year $3.5 million). $87 thousand was paid for vulnerabilities in projects related to machine learning. The largest single payment was $113.
Source: opennet.ru