Google today it has paid out over $21 million since launching its bug bounty program in November 2010. In the past year alone, the company distributed $6.5 million to 461 different security researchers, almost double the previous record set in 2018: $3.4 million to 317 different security researchers.
Bug bounty programs motivate individuals and hacker groups to not only find flaws but disclose them properly, instead of using them maliciously or selling them to parties that will. Rewarding security researchers with bounties costs peanuts compared to paying for a serious security snafu.
Google breaks down the $6.5 million into four categories: $800,000 for Google Play, $1.0 million for Chrome, $1.9 million for Android, and $2.1 million across other Google products. Google added that security