Nothing’s ever really perfect, and that goes with computer hardware and software.
For years, the computer industry has relied on people (and sometimes, AI) to report issues that they find.
And Google is no different. For the past 10 years, Google ran a Vulnerability Rewards Program. With this, Google’s aim was to provide a channel where “bug hunters” could report bugs and errors to Google, and possibly be compensated in some way.
Over the program’s 10-year run, over 10,000 bugs were reported and over $29 million was rewarded.
A New Chapter Begins
A few days ago, Google announced a new bug-reporting platform, bughunters.google.com. Until this announcement, Google’s VRP was spread across Google, Android, Abuse, Chrome and Play. Now, with this announcement, all of those segments are brought together under one intake form, thus making it easier for bug hunters to submit issues they find.
A Potential Way to Be Recognized and Perhaps Earn a Position at Google
With this announcement come other improvements: Healthy competition via gamification, with leaderboards and badges (which can serve as a reference when looking for a job with Google’s VRP team).
Easier to publish bug reports. This is great for those who want to show off their expertise, and provide a public record of their work.
Open-Source Is Also Available
Apparently, the open-source aspect of the Vulnerability Rewards Program is not very well known.
Perhaps if it were better known, there would be fewer delays in the development and acceptance of open-source software.
Here are a few things you may not have known with regard to open source and the VRP:
Have you created open-source software? It might qualify for a subsidy.
Have you compiled a research report or white paper on the security of open source? It might win a reward! Submitting patches can also win you a reward
In conclusion, if you want to contribute to something, love solving problems, and you’re a little bit tech-savvy (or you’re willing to learn), then this program might be a worthy endeavor to pursue.
Source: Google Security Blog