Google paid bug hunters millions in 2020 for finding vulnerabilities in their software.
Undoubtedly, Google has tons of savvy minds roaming around Silicon Valley, but there are plenty outside of it too. These so-called bug hunters search for vulnerabilities in Google software and the search giant pays them generously. In 2020, the company paid a whopping $ 6.7 million in bug bounties; that has never happened before.
Google pays $ 6.7 million to bug hunters
In a blog post, Google discloses that the company paid around € 5.6 million to bug hunters in 2020. It is by far the most that Google has ever spent on the Vulnerability Reward Program. The amount has almost doubled since 2018.
Now you might think, ‘Google makes almost 200 billion a year, that amount is peanuts’. In absolute terms you are of course right, but practically speaking, the bounty hunter program is not necessarily a fat pot. Depending on the severity of a vulnerability, researchers may only get $ 100. The maximum a hunter can earn per vulnerability is $ 31,337.
In total, Google gave 662 hunters compensation for finding a bug in 2020. That is an average of more than $ 10,000 per bounty. Incidentally, the highest amount paid out was a whopping $ 132,500!
The largest percentage of the total bounties went to vulnerabilities in Google Chrome. Almost a third of all money was paid for browser bugs. Android was another relative bogus cheese.
Also read: Google tackles, has to pay for articles