Rewarding security researchers for reporting bugs really helps to keep online services safe and secure. Google has been doing it for 10 years now, and is celebrating by launching a new platform called Bug Hunters.
Posting on the Google Security Blog, Jan Keller, Technical Program Manager, Google VRP, reveals that the company's multiple Vulnerability Reward Programs (VRP) have so far rewarded 2,022 researchers spread across 84 different countries who reported 11,055 valid bugs. In total, Google has paid them $29,357,516 in rewards.
In a bid to celebrate a decade of VRP and make it easier for security researchers to submit reports, Google is bringing the VRPs for Google, Android, Abuse, Chrome, and Play "closer together" under its new Bug Hunters platform. It will offer a single form to submit bugs, but also a streamlined process and more encouragement for those taking part.
Bug Hunters is gamifying the process of reporting, introducing per-country leaderboards, awards/badges for certain bugs, a more "aesthetically pleasing" leaderboard design, a streamlined publication process, and swag is being supported for special occasions.
Google is aware that reporting bugs and earning achievements is used by many individuals to help them gain employment (20 bug hunters now work for Google's VRP team), which is why the leaderboards are being visually updated and expanded. But a Bug Hunter University is also being introduced to allow security researchers to improve their skills.