It’s been 10 years since Google launched its Vulnerability Rewards Program (VRP). The goal of the program was to establish a channel for security researchers to report bugs to Google and to give Google an efficient way to compensate them. Over the years, Google has paid almost $29.3 million to around 2,022 bounty hunters, rewarding a total of 11,055 reports. Now Google has revamped the whole Bug Bounty program to make it even better.
“To celebrate our anniversary and ensure the next 10 years are just as (or even more) successful and collaborative, we are excited to announce the launch of our new platform, bughunters.google.com,” Google said in a blog post. “This new site brings all of our VRPs (Google, Android, Abuse, Chrome, and Play) closer together and provides a single intake form that makes it easier for bug hunters to submit issues.” (Jan Keller, Technical Program Manager, Google VRP)
Google Bug Bounty Hunters
With the launch of the new platform, Google has made the program more interactive and competitive. It has introduced country-based leaderboards, awards and badges for certain bugs, and more. There is also the new Bug Hunter University, an initiative by the company to help bug bounty hunters sharpen their skills.
In the previous year alone, Google paid almost $6.7 million to bug hunters for finding security issues in its products. The biggest single payout went to Alpha Lab’s Guang Gong, who received $201,337 for discovering a remote code execution exploit chain targeting Pixel 3 devices.
Google’s Bug Bounty program is now well ahead of those of other major tech companies, including Facebook and Microsoft. Both have also spent quite a fortune on bug reporting but come nowhere close to Google. This announcement will further incentivize bug hunters to be a part of Google’s Bug Bounty program.