back to article Poking holes in Google tech bagged bug hunters $10M

Google awarded $10 million to 632 bug hunters last year through its vulnerability reward programs. The web goliath's 2023 total represents a slight dip compared to the $12 million in bounties it paid the previous year. Hopefully this means more-secure products — not more researchers turning to the dark side and making money …

  1. Dinanziame Silver badge

    That's still good, I guess? I think we can forget the notion of companies designing secure from the start — good luck with that — so bug bounties are at least a way to find new vulnerabilities, and to give some cash to third-party white hats. They could get better results by raising the bounties, but...

    1. Version 1.0 Silver badge

      Researchers will make a lot more money if they block all the malware ... but could then create some malware under the desk for the next set of events and a higher profit - I'm not saying that this is happening but I'm not confident that it doesn't happen. Looking at all the malware issues these days I wonder if malware creation is now an AI feature too?

      The environment these days is that we are working hard 100% to detect and block malware but we're seeing more malware all the time ... we need to change the computing and data storage concepts completely.

  2. Mike 137 Silver badge


    In one year: Google --> "$10 million to 632 bug hunters"; Microsoft --> "$13.8 million to 345 researchers". So that's $15.8k each at Goo, $40k each at M$.

    They could with that expenditure have easily paid the salaries of a sufficient number of in house staff doing debugging, considering that in house staff wouldn't be paid on the same notional "one bug each" model. However, farming out quality control seems to be the norm now, apparently regardless of cost effectiveness -- yet another example of how IT and common sense continue to diverge.

    1. Dinanziame Silver badge

      Re: Alternatively

      They already have people paid to do debugging, who are simply not finding those bugs — what's their incentive?

      On the other hand, paying your own employees by bug fixed is an excellent way to have a lot of bugs in your software: "I'm going to code myself a minivan this afternoon!"

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like