A brand new chapter for Google’s Vulnerability Reward Program

0
144

[ad_1]

Posted by Jan Keller, Technical Program Supervisor, Google VRP A little bit over 10 years in the past, we launched our Vulnerability Rewards Program (VRP). Our objective was to determine a channel for safety researchers to report bugs to Google and supply an environment friendly approach for us to thank them for serving to make Google, our customers, and the Web a safer place. To recap our progress on these objectives, here’s a snapshot of what VRP has achieved with the group over the previous 10 years:Complete bugs rewarded: 11,055Number of rewarded researchers: 2,022Representing 84 totally different countriesTotal rewards: $29,357,516To have a good time our anniversary and make sure the subsequent 10 years are simply as (or much more) profitable and collaborative, we’re excited to announce the launch of our new platform, bughunters.google.com.This new website brings all of our VRPs (Google, Android, Abuse, Chrome and Play) nearer collectively and offers a single consumption kind that makes it simpler for bug hunters to submit points. Different enhancements you’ll discover embrace:Extra alternatives for interplay and a little bit of wholesome competitors via gamification, per-country leaderboards, awards/badges for sure bugs and extra!A extra purposeful and aesthetically pleasing leaderboard. We all know loads of you might be utilizing your achievements within the VRP to seek out jobs (we’re hiring!) and we hope this acts as a helpful useful resource.A stronger emphasis on studying: Bug hunters can enhance their abilities via the content material out there in our new Bug Hunter UniversityStreamlined publication course of: we all know the worth that information sharing brings to our group. That’s why we need to make it simpler so that you can publish your bug stories.Swag will now be supported for particular events (we heard you loud and clear!)We additionally need to take a second to shine a lightweight on some points of the VRP that aren’t but well-known, reminiscent of:Once we launched our very first VRP, we had no thought what number of legitimate vulnerabilities – if any – could be submitted on the primary day. Everybody on the group put of their estimate, with predictions starting from zero to twenty. Ultimately, we really obtained greater than 25 stories, taking all of us without warning.Since its inception, the VRP program has not solely grown considerably by way of report quantity, however the group of safety engineers behind it has additionally expanded – together with virtually 20 bug hunters who reported vulnerabilities to us and ended up becoming a member of the Google VRP group.That’s the reason we’re thrilled to deliver you this new platform, proceed to develop our group of bug hunters and assist the talent improvement of up-and-coming vulnerability researchers. Thanks once more to your complete Google bug hunter group for making our vulnerability rewards program profitable. As you proceed to mess around with the brand new website and reporting system, inform us about it – we’d love to listen to your suggestions. Till subsequent time, carry on discovering these bugs!

[ad_2]