Google launched a new bug bounty platform, unified management of Android, Chrome, and other reward programs
As early as 2010, Google launched the Vulnerability Rewards Programs (VRP), security researchers can directly submit the discovered vulnerabilities to Google. After obtaining the vulnerability report, Google will review the vulnerability report and issue a bounty ranging from $100 to $30,000 to security researchers based on the severity of the vulnerability.
Now Google has released a new Bug Hunters platform, and all its bug bounty programs are managed under one platform. bughunters.google.com is a new website launched by Google for the bug bounty program. Vulnerability rewards for many Google products and services (such as Android, Chrome, data abuse, Google services, Google Play, etc.) will be managed and submitted on this one website. In bughunters.google.com, there is only a single acceptance form, making it easier for researchers to submit reports.
In order to encourage researchers to participate more in this project, Google has also introduced some ranking functions that are common in games on the website. In this ranking, users can sort researchers according to indicators such as country, time, and activity. As well as rewards and badges that show certain vulnerabilities.
Google also took this opportunity to launch Bug Hunter University, where security researchers or student groups can improve their skills through the content on the Bug Hunter University page.
Since its inception in 2010, Google has rewarded 11,055 bugs submitted by 2,022 researchers from 84 countries in the first ten years, with a total payment of $29.36 million. Last year alone, Google paid $6.7 million.