Google says it has paid more than $29 million in rewards for pre-patch vulnerability data over the past 10 years.
Since the launch of Google's Vulnerability Rewards Program (VRP) 10 years ago, the company said it has paid bounties on 11,055 vulnerabilities that were reported by 2,022 researchers from 84 countries. To date, the company has paid a total of $29,357,516.
Separately, the search giant announced that it is bringing all of its VRPs (Abuse, Android, Chrome, Google, and Play) together on a single online platform — bughunters.google.com.
With the new website, Google wants to make it easier for researchers to submit security flaw discoveries, while also offering a series of additional improvements, such as more interaction opportunities, a redesigned leaderboard, the opportunity for researchers to improve their skills at a Bug Hunter University, a streamlined process for publishing bug reports, and more.
Google said researchers may receive rewards for patches submitted to open-source software, as well as for research papers on the security of open source. What’s more, subsidies may be offered to open-source software, the company says.
“Since its inception, the VRP program has not only grown significantly in terms of report volume, but the team of security engineers behind it has also expanded – including almost 20 bug hunters who reported vulnerabilities to us and ended up joining the Google VRP team,” Google said.