Google Launches New Bug Hunters Vulnerability Rewards Platform

Google has announced a new platform and community designed to host all its Vulnerability Rewards Programs (VRP) under the same roof. From a report: Since launching its first VRP more than ten years ago, the company has rewarded 2,022 security researchers from 84 different countries worldwide for reporting over 11,000 bugs. [...] "To celebrate our anniversary and ensure the next 10 years are just as (or even more) successful and collaborative, we are excited to announce the launch of our new platform, bughunters.google.com," Google said.

"This new site brings all of our VRPs (Google, Android, Abuse, Chrome and Play) closer together and provides a single intake form that makes it easier for bug hunters to submit issues." The new VRP platform should provide researchers with per-country leaderboards, healthier competition via gamification, awards/badges for specific bugs, and more opportunities for interaction. Google also launched a new Bug Hunter University, which would allow bug hunters to brush up on their skills or start a hunting learning streak.

Combining resources

[The New Guy 2.0]

Seems like Google's looking for bugs in their underlying operating system, so they can quickly patch all platforms when one is discovered, instead of five separate tickets in unrelated systems. Onward with the bug hunting...

Perhaps I am old but.

[jellomizer]

Rewards and badges to find problems in your code, vs cold hard cash.

I would much rather have money than fame or bragging rights. Perhaps if I were 20 years younger bragging rights would be more appealing, but for experience folks this seems like just a nuisance competition to attract kids to do the bug checking, vs people with more experience. I much rather find 1 large problem bug and get paid $1000 for it, vs finding 100 bugs that are low to no risk just so I can get a badge.