Google has announced intentions to scale up its bug bounty scheme, which has until now been known as the Vulnerability Rewards Program (VRP).
In its ten-year history, more than 11,000 bugs have been reported and remedied via VRP and $29.3 million in rewards have been shared between 2,000 researchers. However, Google has now decided it wants to expand upon and simplify its program under a new name: Bug Hunters.
“Since its inception, the VRP program has not only grown significantly in terms of report volume, but the team of security engineers behind it has also expanded - including almost 20 bug hunters who reported vulnerabilities to us and ended up joining the Google VRP team,” said Jan Keller, who manages the program.
- We've built a list of the best malware removal software out there
- Check out our list of the best ransomware protection around
- Here's our list of the best endpoint protection services on the market
“This is why we are thrilled to bring you this new platform, continue to grow our community of bug hunters and support the skill development of up-and-coming vulnerability researchers.”
Google Bug Hunters
In a blog post, Google explains that the new scheme will bring the individual bounty programs for its various products (e.g. Google Search, Android, Chrome, Play) under one roof, providing a single funnel through which vulnerabilities can be reported.
Bug Hunters will also introduce a measure of gamification in the form of country-specific leaderboards and award badges, which Google says will increase interaction and competition within the community.
Meanwhile, to help researchers sharpen their bug-hunting abilities and improve their reports, the company has published a library of educational resources, housed under a section of the platform called Bug Hunter University. From here, researchers can view successful reports from the past, browse suggested bug targets and learn how to properly prepare and format a disclosure.
Google also took the opportunity to encourage users to submit reports relating to bugs in free and open source software (FOSS), which can also be eligible for reward under the scheme.
- Here's our list of the best antivirus services around