Google unifies its Vulnerability Rewards Program sites for Android, Chrome, and Play
Google’s Vulnerability Rewards Program (VRP) rewards security researchers for reporting security flaws in Google products. The program spans across multiple products, like Android, Chrome, and Google Play, and dishes out some serious cash. Google paid security researchers a record $6.7 million through the program last year and $6.5 million the year before that. Since its launch a little over ten years ago, the company has paid almost $30 million in rewards to over 2000 researchers across 84 different countries. To keep this trend going and encourage more security researchers to participate in the program, Google has now announced a new unified platform called Bug Hunters.
In a recent blog post, Google revealed that the new Bug Hunters platform brings all of the company’s VRPs, including Google, Android, Abuse, Chrome, and Play, under one roof. The idea behind this move is to provide a single intake form for bug hunters to submit issues and give them:
- More opportunities for interaction and a bit of healthy competition through gamification, per-country leaderboards, awards/badges for certain bugs, and more!
- A more functional and aesthetically pleasing leaderboard.
- An opportunity to learn and improve their skills through the content available in the new Bug Hunter University.
- A streamlined publication process to submit bug reports.
- Swag for special occasions.
Additionally, the blog post highlights some aspects of the VRP that aren’t as well known, including:
- Submitting patches to open-source software is eligible for a reward.
- Research papers on the security of open source are eligible for a reward.
- Open-source software might be eligible for a subsidy.
You can try out the new platform by heading over to bughunters.google.com. If you have any feedback, you can submit it here. For more information on Google’s Vulnerability Rewards Program, head over to this page.