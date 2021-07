Posted by Jan Keller, Technical Program Manager, Google VRP

A little over 10 years ago, we started the Vulnerability Rewards Program (VRP). Our goal is to establish a channel for security researchers to report bugs to Google and provide an efficient way to thank them for making Google, users and the Internet a safer place. did. To summarize the progress of these goals, a snapshot of what VRP has achieved in the community over the last decade: Total number of rewarded bugs: 11,055 Number of rewarded researchers: 2,022 84 countries’ representative rewards Total: $ 29,357,516 Over the next decade, we will be equally successful (or even better) and supportive. We are pleased to announce the launch of our new platform, bughunters.google.com.

This new site brings all VRPs (Google, Android, Abuse, Chrome, Play) closer and provides a single capture form that makes it easy for bug hunters to submit issues. Other improvements you will notice are:

Through gamification, country leaderboards, awards / badges for specific bugs, and more, you’ll have more opportunities to interact and a little more healthy competition! A more functional and aesthetically pleasing leaderboard. We know that many of you are using (and adopting) VRP achievements to find a job, and we hope this will serve as a useful resource. Focus on learning: Bug hunters can improve their skills through the content available at. Our New Bug Hunter College Streamlined Publishing Process: We know the value that knowledge sharing brings to our community. Therefore, we want to make it easy to publish bug reports. Swag will be supported on special occasions (I’ve heard it loud and clear). I would also like to shed some light on some aspects of VRP. This is not yet well known. For example, when we released our first VRP, we didn’t know how many vulnerabilities would be submitted on the first day. Everyone on the team gave a quote and the forecast ranged from 0 to 20. In the end, we actually received over 25 reports and surprised us all.

Since its inception, the VRP program has grown significantly in terms of reporting volume, as well as the team of security engineers behind it. This includes about 20 bug hunters who reported vulnerabilities and joined the Google VRP team.

As such, we are pleased to offer this new platform to continue to expand the bug hunter community and support the skill development of up-and-coming vulnerability researchers.

Thanks again to the entire Google Bug Hunter community for the success of the Bug Bounty Program. Please continue to try the new site and reporting system and tell us about it. We look forward to your feedback. Keep finding those bugs until next time!

