On the 10th anniversary of its Vulnerability Rewards Program (VRP), Google introduced a new bug bounty platform. There were 11,055 bugs discovered, 2,022 researchers rewarded, and approximately $30 million in total awards under the VRP program. In commemoration of the Program, Jan Keller, technical program manager for Google’s VRP, announced the launch of the new Bug Bounty platform: bughunters.google.com for hunters to submit issues.
“This new site brings all of our VRPs (Google, Android, Abuse, Chrome, and Play) closer together and provides a single intake form that makes it easier for bug hunters to submit issues,” Keller said in a blog post.
Keller further said that the platform will have gamification aspects and will provide more opportunities to participate and compete. The company is also putting together a leaderboard to assist those who are looking for jobs by using their achievements in the VRP. Bug hunters will have even more opportunities to learn with the new Bug Hunter University.
“When we launched our very first VRP, we had no idea how many valid vulnerabilities, if any, would be submitted on the first day. Everyone on the team put in their estimate, with predictions ranging from zero to 20,” said Keller. “In the end, we received more than 25 reports, taking all of us by surprise. Since its inception, the VRP program has not only grown significantly in terms of report volume, but the team of security engineers behind it has also expanded – including almost 20 bug hunters who reported vulnerabilities to us and ended up joining the Google VRP team,” he added.
Other Vulnerability Rewards Program features, such as the opportunity to submit patches to open-source software for incentives and possible rewards for research articles on open-source security, should be utilized more, according to the blog post. Keller also expressed gratitude to the Google bug hunters community for their efforts and encouraged them to provide comments on the new platform.