Google Pays IDR 156 Billion to "Bug" Finder
- The technology giant Google has a program called the Vulnerability Reward Program (VRP). In this program Google will provide monetary rewards to people who find security holes (bugs) in the Google ecosystem, such as Android or Chrome.
In 2023, Google was recorded as having given a total prize money of 10 million US dollars (around Rp. 156 billion) to 632 bug discoverers in its ecosystem.
This figure is a decrease compared to the prize of 12 million US dollars (equivalent to Rp. 188.4 billion) awarded in 2022. However, this figure is still significant and shows the involvement of the user community in Google's security efforts.
As a comparison, Microsoft through a similar program has provided rewards of 13.8 million US dollars (approximately Rp. 216.6 billion) to 345 researchers, from July 1 2022 to June 30 2023.
Meanwhile, the biggest prize given by Google to bug hunters in 2023 reached 113,337 US dollars or around Rp. 1.7 billion. It did not specify what program provided the prize and who received it.
Read news without ads. Join Kompas.com+
One of the programs with high prizes in this VRP is for the Android operating system (OS). This program provides a prize of 3.4 million US dollars (around Rp. 53.4 billion), for researchers who find vulnerabilities in Android-based devices.
"Android VRP achieves significant achievements in 2023, which reflects our dedication to securing the Android ecosystem," wrote Sarah Jacobus as Vulnerability Rewards Team on the Google Security Blog site.
Google also last year increased the maximum reward for finding critical security flaws in Android to 15,000 US dollars (equivalent to IDR 235.5 million), then launched VRP Mobile which focuses on first-party applications on Android.
Read news without ads. Join Kompas.com+
Next, Google added the WearOS operating system category to its bug discovery program, to encourage users to look for bugs in smartwatches and other Android-based wearable devices.
As a result, in a hackathon for WearOS and Android Automotive OS, Google gave away as much as 70,000 US dollars (approximately Rp. 1 billion) to users, who in total found more than 20 critical security holes.
In addition to first-party Android and WearOS apps, Google introduced the artificial intelligence (artificial intelligence/AI) category, for its various generative AI products such as Google Bard.
In total there were 35 bug reports, with rewards reaching 87,000 US dollars (around Rp. 1.3 billion).
The company, which is headquartered in California, United States, also presents the latest Bonus Awards program, which periodically provides additional prizes for a limited time, for target vulnerabilities determined by Google.
Rewards for discoverers of bugs in Chrome
Google VRP illustration
For the VRP browser engine (browser) Google Chrome, the total reward given by Google reached 2.1 million US dollars (around Rp. 31.4 billion) for 359 bug reports received.
One of the points highlighted by Google is the presence of the new version of Chrome Milestones 116 (M116) which brings MiraclePtr technology. This technology works to prevent exploitation of the Use-After-Free (UAF) vulnerability.