Joy for bug bounty hunters! Google has paid over $29 million in bounties so far to 2022 researchers
For bug bounty hunters, Google has revamped its program and introduced new streamlined 'Bug Hunters' website
The hunting has been good for bug bounty hunters! Google on Tuesday disclosed that it had paid out over $29 million in bug bounties to 2022 researchers as part of its vulnerability reward program (VRP), while simultaneously announcing that it was changing the program. The company revealed that it has paid $29,357,516 for 11,055 bugs that have been successfully identified on its apps and services over a period of 11 years.
As part of the bug bounty hunters scheme makeover, the company announced on its security blog that it has rebranded its VRP program which will now be known as “Bug Hunters” for which the company has now launched a new website. Google has also decided to unify its efforts for some of its other VRP programs such as the bug bounty program for Google, Android, Google Chrome, and Google Play.
Also read: Looking for a smartphone? Check Mobile Finder here.
This means that Google will now have one Bug Hunters website which will accept vulnerability disclosures for these products, which should streamline the process of reporting bugs across the company's platforms. However, the company has decided to take things a step further using “gamification” system, which will show leaderboards for disclosures per country, while also assigning “awards” and “badges” for certain bugs – which could also help those applying for a job with the company's VRP team, the company says.
“When we launched our very first VRP, we had no idea how many valid vulnerabilities - if any - would be submitted on the first day. Everyone on the team put in their estimate, with predictions ranging from zero to 20. In the end, we actually received more than 25 reports, taking all of us by surprise,” Google stated in the blog post. Since then, the company has paid researchers in 84 countries for reporting bugs on the platform.
The new website will also have a stronger emphasis on learning for users, according to Google. “Bug hunters can improve their skills through the content available in our new Bug Hunter University,” the company stated while adding that even patches for open-source software are eligible for a reward, along with rewards for research papers on open source security.