
The payouts from Google's bug bounty program reach nearly 12 million dollars in 2024.
Last year, 660 security researchers received rewards from Google.
In 2024, Google distributed a total of $11.8 million in bug bounty rewards to 660 security researchers, an average of around $18,000 each. The largest single reward granted this year was $110,000. The company has now paid out a total of $65 million since the program's inception in 2010.
More than half of this year's payments went to researchers who discovered vulnerabilities in Chrome and Android devices, highlighting Google's commitment to the security of its most popular products. Researchers in the Android and Google Device Vulnerability Reward Program received a total of $3.3 million, although the number of reports submitted decreased by 8%. However, there was a slight 2% increase in critical and high-severity vulnerabilities.
In detail, 337 unique reports were logged for the Chrome program, of which 137 received payouts totaling $3.4 million. This year also marked the launch of a new category of rewards for vulnerabilities related to artificial intelligence. Payments in this new area totaled only $55,000, though this was the first full year for the initiative.
Additionally, the company hosted two bugSWAT events and four init.g workshops aimed at developing new security researchers. Looking ahead, Google is expected to commemorate the 15th anniversary of its vulnerability reward program in 2025, although specific changes to the program's structure have yet to be detailed for this occasion.
Dirk Göhmann from Google expressed gratitude to the bug hunting community, emphasizing their role in making Google's products and platforms safer for users worldwide.