Google has revealed that its bug bounty program – which it styles a "Vulnerability Reward Program" – has paid out for 11,055 bugs found in its services since 2010.
11,055 bugs seems like a lot, but it's not out of step with other vendors. Microsoft's monthly Patch Tuesday packages regularly fix over 100 flaws, while Oracle's quarterly patch collections often contain well more than 300 pieces of corrective code. Across 11 years, the two abovementioned vendors would also produce over 11,000 bugs.
Google's disclosure — which appeared in a Tuesday post that also revealed the company has paid out over $29 million in bug bounties to 2022 researchers — came with news that the ad giant has decided its vulnerability reward program (VRP) needs a major makeover.
The company has renamed it "Bug Hunters", whipped up a sparkling new site, and brought together programs that once covered discrete VRPs for Google, Android, Abuse, Chrome and Play.