Google is celebrating the fact that software developers are becoming more and more incompetent and the software is getting worse.
They themselves do not notice this because of the metrics applied.[1]
Goggle understands that finding bugs due to the bug bounty program saves costs immensely.
Because if you let real security researchers do the work, you also have to pay the researchers who don't find anything.
With Bug Bounty you only pay if a bug is found. And also there is mitigation to keep the reward small.
The problem is that these numbers then allow the (wrong) conclusion that the way is right.
I find it impressive how you can sit on tons of studied experts and celebrate such "successes" without anyone
jumping up and shouting "This is crap!!!".
[1]
Google Security Blog: Vulnerability Reward Program: 2022 Year in Review