Google is giving its bug bounty scheme a major facelift

News
By published

Google invites new white hat hackers to join the fun

scammers
(Image credit: Shutterstock / Brazhyk)

Google has announced intentions to scale up its bug bounty scheme, which has until now been known as the Vulnerability Rewards Program (VRP).

In its ten-year history, more than 11,000 bugs have been reported and remedied via VRP and $29.3 million in rewards have been shared between 2,000 researchers. However, Google has now decided it wants to expand upon and simplify its program under a new name: Bug Hunters.

“Since its inception, the VRP program has not only grown significantly in terms of report volume, but the team of security engineers behind it has also expanded - including almost 20 bug hunters who reported vulnerabilities to us and ended up joining the Google VRP team,” said Jan Keller, who manages the program.

“This is why we are thrilled to bring you this new platform, continue to grow our community of bug hunters and support the skill development of up-and-coming vulnerability researchers.”

Google Bug Hunters

(Image credit: Google)

Google Bug Hunters

In a blog post, Google explains that the new scheme will bring the individual bounty programs for its various products (e.g. Google Search, Android, Chrome, Play) under one roof, providing a single funnel through which vulnerabilities can be reported.

Bug Hunters will also introduce a measure of gamification in the form of country-specific leaderboards and award badges, which Google says will increase interaction and competition within the community. 

Meanwhile, to help researchers sharpen their bug-hunting abilities and improve their reports, the company has published a library of educational resources, housed under a section of the platform called Bug Hunter University. From here, researchers can view successful reports from the past, browse suggested bug targets and learn how to properly prepare and format a disclosure.

Google also took the opportunity to encourage users to submit reports relating to bugs in free and open source software (FOSS), which can also be eligible for reward under the scheme.

TOPICS
Joel Khalili
Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.