2022: Google paid $ 12 million for rewards for identifying vulnerabilities

Google summarized the results of paying for the identification of vulnerabilities in Chrome, Android, Google Play applications, Google products and various open software. The total amount of rewards paid in 2022 amounted to $ 12 million, which is 3.3 million more than in 2021. Over the past 8 years, the total amount of payments has amounted to more than $ 42 million. There were 703 researchers. In the course of the work, more than 2900 security problems were identified and eliminated.

of the amount spent in 2022 $ 4.8 million was paid for vulnerabilities in Android, $ 3.5 million in Chrome, $ 500 thousand in Chrome OS, $ 110 thousand for open software. An additional 230 thousand dollars is allocated to researchers of security in the form of grants. The size of the largest payment amounted to 605 thousand dollars, which was received by the Gzobqq researcher for creating an exploit for the Android platform, covering 5 new vulnerabilities. The most active researcher was called Aman Pandey from Bugsmiror, which revealed more than 200 vulnerabilities in Android, in second place Zinuo Han from Oppo Amber Security Lab, which revealed 150 vulnerabilities, in third place Yu-Cheng Lin, which reported almost 100 problems. P>