
Google has paid security researchers over $21 million for bug bounties, $6.5 million in 2019 alone



Google today announced it has paid out over $21 million since launching its bug bounty program in November 2010. In the past year alone, the company distributed $6.5 million to 461 different security researchers, almost double the previous record set in 2018: $3.4 million to 317 different security researchers.

Bug bounty programs motivate individuals and hacker groups to not only find flaws but disclose them properly, instead of using them maliciously or selling them to parties that will. Rewarding security researchers with bounties costs peanuts compared to paying for a serious security snafu.

Google breaks down the $6.5 million into four categories: $800,000 for Google Play, $1.0 million for Chrome, $1.9 million for Android, and $2.1 million across other Google products. Google added that security researchers decided to donate an all-time high of $507,000 to charity in 2019. That’s five times the amount ever previously donated in a single year.

Google’s bug bounty program has been growing since its inception, although the past few years have all seen total payouts around the $3 million mark. Seeing that number almost double this year suggests the program is more than alive and well. Indeed, Google’s security team has continued to expand the program and offer more lucrative rewards. In 2019, Google notably quintupled the top reward for hacking Android to $1 million. Google also launched a 50% bonus for exploits found on specific developer preview versions of Android, meaning the top reward could net you $1.5 million.



Google’s financial rewards for security bugs range from $100 to $1.5 million, based on the risk level of the discovery. In 2019, however, the biggest single reward was $201,000 (up from $41,000 in 2018).