Google launches new experimental Abuse Bug Bounty program

by ·

Google announced a new experimental abuse research funding program for abuse-related strategies and product issues outside the scope of existing vulnerability research funding and vulnerability reward programs (VRP).

According to the introduction, the amount of funding for the program ranges from $500 to $3,133.7 and will be awarded in advance before researchers submit errors found in Google features and products. It aims to reward researchers who seek abuse-related methods and sensitive product issues outside the scope of traditional security vulnerabilities.

Google Play sharing

Google writes:

we hope to bring even more awareness to product abuse by connecting more closely with our experienced researchers – so we can all work together to overcome these challenges, prevent product abuse and keep our users safe.

In January 2015, Google launched an experimental vulnerability research funding program to supplement its long-term vulnerability reward program. The purpose is to reward security researchers who study the security of Google products and services. At present, the plan has been successfully verified; data shows that the contributions of researchers have led to the mitigation of more than 1,000 effective vulnerabilities to combat the risk of abuse that may cause accidental damage to users or the Google platform.

Google said that the goal of the new plan is to support researchers in finding vulnerabilities in Google products; even if researchers do not find new vulnerabilities after receiving research funding, this will not affect their chances of obtaining new funding. The company hopes to use this new program to have closer ties with some of their experienced researchers so that people will have more awareness of product abuse.

The operation of the new research funding scheme is as follows:
  • We invite our top abuse researchers to the program.
  • We award grants immediately before research begins, no strings attached.
  • Bug Hunters apply for the targets we share with them and start their research.
  • On top of the grant, researchers are eligible for regular rewards for the bugs they discover in scope of our Bug Bounty program.

Tags: