Google has declared the start of a new bug bounty platform that will make it less difficult for vulnerability hunters to post issues.
Offered less than bughunters.google.com, the system provides jointly all of the tech giant’s vulnerability reward programmes (VRP) – Google, Android, Abuse, Chrome, and Play – with hunters ready to post issues employing a single ingestion sort.
In addition, the new system will supply a lot more options for interaction with other hunters by way of gamification, which includes awards and badges for sure bug-reporting achievements.
Google has also enhanced its VRP leaderboards, which will now be “more practical and aesthetically pleasing”, as properly as show the most effective hunters for each country, producing it simpler to use the outcomes to increase a CV when making use of for a work in tech.
The new platform also provides greater emphasis on investigation and education and learning, making it less complicated for hunters to publish their bug studies in purchase to share their expertise. Hunters will also be in a position to increase their abilities by means of the recently-released Bug Hunter College, which includes courses on how to post a productive vulnerability report.
Investigation papers on the security of open supply will be qualified for a reward, just like open source software package patch submissions, whilst hunters increasing security in open up resource programmes will be qualified to use for a grant to greater protected their own tasks.
Commenting on the announcement, Google VRP complex programme supervisor, Jan Keller, explained that when Google introduced its “very first VRP” about a ten years in the past, no one particular understood “how numerous legitimate vulnerabilities – if any – would be submitted on the first day”.
“Everyone on the group set in their estimate, with predictions ranging from zero to 20. In the finish, we essentially acquired extra than 25 studies, getting all of us by shock,” he added.
A few many years later, the programme was expanded to contain open supply as well as Google Android and Apache.
“Since its inception, the VRP programme has not only developed drastically in conditions of report volume, but the workforce of security engineers behind it has also expanded – such as virtually 20 bug hunters who noted vulnerabilities to us and ended up signing up for the Google VRP team. That is why we are thrilled to convey you this new platform, proceed to increase our community of bug hunters and guidance the talent growth of up-and-coming vulnerability researchers,” explained Keller.
Some areas of this article are sourced from: