Google has revealed it handed out $8.7m in bug bounty payouts last year as a part of a vulnerability reward programs.
According to Security Week, a total of 696 researchers from 62 different countries were the beneficiaries of bug bounties.
The highest reward paid out in 2021 was $157,000, which was for a security issue in Android. Google awarded around $3m in bounty rewards to researchers who reported bugs in the Android platform.
Meanwhile, as part of the Android Chipset Security Reward Program – which Google runs alongside makers of other Android chipsets – a total of $296,000 was paid out for over 220 valid and unique security reports.
Google also rewarded 33 reports for unique security errors in Chrome for a total of $3.3m in VRP rewards, $3.1m for Chrome browser vulnerabilities and $250,000 for Chrome OS issues. In addition, $550,000 in bug bounty payouts were handed to over 60 security researchers for Google Play vulnerabilities.
As part of its VRP for the open-source Kubernetes-based Capture-the-Flag project, which targets security holes in critical open-source dependencies, the firm paid $175,685 in bounty rewards.