Google has shared about a new program in its Vulnerability Rewards Program (VRP). The company is bringing everything under the same roof. It launched its first VRP more than ten years ago and has offered rewards for 2,022 security researchers for identifying bugs in its system. Google also shared that it has rewarded $29,357,516 since January 2010 after it launched the Chromium vulnerability reward program. The rewards are offered from $100 to $31,337. But the total amount of rewards is more for exploit claims.
In the case of Alpha Lab’s Guang Gong, he received a large amount of $201,337 payout for a remote code execution exploit chain that targeted Pixel 3 devices. The reward he received for the work is the biggest single payout ever. Do you want to know more details about the vulnerability reward Program? Continue reading to know more.
Table of Contents
Know about Google vulnerability reward Program
The Vulnerability reward program is a platform that offers the researchers a chance to get rewards when they find bugs in Google’s platforms like Google Play, Google Chrome, and others. In this way, the people finding bugs are called the Bug hunters. Google can find any discrepancies or flaws in its system and improve its resources through this arrangement.
Last year Google set another record in its Vulnerability Reward Programs. In 2021 they partnered with the security researcher community to fix thousands of vulnerabilities. This ensures that they keep the internet as well as their users safe from trouble.
So the company showed its gratitude to the researchers because of whom the Vulnerability Reward Programs have grown. In 2021 alone they rewarded a record-breaking $8,700,000 in vulnerability rewards. Also, the researchers donated over $300,000 of their rewards to the charities of their choice.
In 2021 they also started bughunters.google.com. It is a public researcher portal that exists to keep Google products and the internet safe. This new platform is going to bring all of Google’s vulnerability reward Programs such as Andriod, Chrome, Abuse, and Google Play under one roof. So the security bug submission is going to be easier than ever. The new bug control portal is going to have the following offers.
- There are going to be more opportunities for interaction. Also healthy competition through the arrangements like gamification, per-country leaderboards, awards/badges for particular bugs, and more.
- Functional and aesthetically pleasing leaderboards. Google knows that many of the bug hunters are using the achievements they gain in the VRPs to find jobs. So Google itself is hiring them to work from them. The Leaderboard is a useful resource for this job.
- A stronger focus on learning is offered. The bug hunters will be able to develop their skills through the content available in the new Bug Hunter University.
- Sharing knowledge is good for the community. That is why Google makes it easier to publish bug reports.
- There is now Swag offered. Google provides rewards to the first twenty folks who share this blog post on their Twitter and tag @GoogleVRP.
What is the VRP on Andriod?
The vulnerability reward Program in Andriod has doubled its 2020 payout in 2021. There are 3 million dollars in rewards and it is the highest payout in Android VRP history. Further, an exploit chain was discovered in Andriod and it received an award of $157,000.
In the program, the Android Chipset Security Reward Program was also offered. This was a private invite-only- program that is offering rewards and recognition for the hard work of the security researchers. They are investing their time and effort and also making the Andriod devices more secure. In 2021 alone the ACSRP paid $296,000 for over 220 valid security reports.
Some of the top researchers who helped Google to keep Andriod safe and secure are Aman Pandey, Yu-Cheng Lin, and Researcher firstname.lastname@example.org.
To celebrate 10 years of @google's Vulnerability Rewards Programs, we are excited to announce the launch of our new platform: https://t.co/iBpWvPDcvl!— Google VRP (Google Bug Hunters) (@GoogleVRP) July 27, 2021
Learn more about the platform and enhancements to our VRP program here: https://t.co/cZmBCyt91c pic.twitter.com/Bs8xflx7ab
What is the VRP in Chrome?
The Chrome VRP also has set new records. Over 115 Chrome researchers got the reward for 333 unique Chrome security bugs in 2021. The VRP rewards for that year were $3.3 million. The contributions of the researchers helped Chrome to improve and also increased the security of all the browsers. Some of the bug hunters who received rewards from Google in 2021 are Rory McNamara, VRP researcher Leecraso, and Chrome Browser VRP researcher Brendon Tiszka. They each received praise from Google and also a hefty sum of money.
What is the VRP in Google Play?
Google Play paid $550,000 in rewards to over sixty unique security researchers. The VRP even released the Andriod hacking app hacking workshop content and published it. They did this to empower the security researchers of the next generation.
What is the GCP VRP prize?
The GCP VRP prize is to encourage security researchers to focus on the Google Cloud Platform. The GCP VRP prize was launched in 2019. Stay tuned for the 2021 winners of the GCP VRP prize.
What is Google looking forward to in the future?
After launching the new Bug Hunters portal, Google has plans to continue improving the platform. They are listening to the researchers on ways to improve the platform. Bug Hunter University is also ready to help researchers to know more about bug control. In this way, with team effort, the internet can be a secure place. Many can use Google products with convenience and ease.
Google vulnerability reward program is one of the ways that help Google to find vulnerabilities or flaws in its system. That is why it is encouraging technical experts to become bug hunters.