google bug hunters

Google on Wednesday announced a new bug bounty program to celebrate the 10th anniversary of its Vulnerability Rewards Programme (VRP).

For those unaware, VRP was launched in January 2010 to reward the contributions of security researchers who invest their time and effort in finding and reporting bugs to Google to help keep the Internet safe and secure.

Over the past 10 years, 11,055 bugs have been reported in the company’s various platforms and resolved via VRP. Further, a total number of 2,022 researchers from 84 different countries worldwide have been rewarded to the tune of $29,357,516 among them.

To celebrate the 10th anniversary of VRP, Google has rebranded its VRP program, which will now be known as “Bug Hunters” (bughunters.google.com).

“When we launched our very first VRP, we had no idea how many valid vulnerabilities – if any – would be submitted on the first day. Everyone on the team put in their estimate, with predictions ranging from zero to 20. In the end, we actually received more than 25 reports, taking all of us by surprise,” Jan Keller, Technical Program Manager, Google VRP announced in a blog post.

“Since its inception, the VRP program has not only grown significantly in terms of report volume, but the team of security engineers behind it has also expanded – including almost 20 bug hunters who reported vulnerabilities to us and ended up joining the Google VRP team.”

According to Google, the new platform brings all of its VRPs (Google, Android, Abuse, Chrome, and Play) under one roof and streamlines the process of reporting bugs across the company’s platforms.

Bug Hunters will also include more opportunities for interaction and a bit of healthy competition through gamification in the form of country-specific leaderboards and award/badges for certain bugs and more.

The blog post said that it is also creating a more functional and aesthetically pleasing leaderboard to help those applying for a job with the company’s VRP team using their achievements.

Additionally, bug hunters can sharpen their bug-hunting skills and reports through the content available in Google’s new Bug Hunter University.

The company says that even submitting patches to open-source software is eligible for a reward, just as rewards for research papers on the security of open source.

“Thanks again to the entire Google bug hunter community for making our vulnerability rewards program successful,” Keller concluded.