Google Online Security Blog: Announcing new reward amounts for abuse risk researchers

Security Blog

The latest news and insights from Google on security and safety on the Internet

Announcing new reward amounts for abuse risk researchers

1 septembre 2020

Posted by Marc Henson, Lead and Program Manager, Trust & Safety; Anna Hupa, Senior Strategist, at GoogleIt has been two years since we officially expanded the scope of Google’s Vulnerability Reward Program (VRP) to include the identification of product abuse risks.

Thanks to your work, we have identified more than 750 previously unknown product abuse risks, preventing abuse in Google products and protecting our users. Collaboration to address abuse is important, and we are committed to supporting research on this growing challenge. To take it one step further, and as of today, we are announcing increased reward amounts for reports focusing on potential attacks in the product abuse space.

The nature of product abuse is constantly changing. Why? The technology (product and protection) is changing, the actors are changing, and the field is growing. Within this dynamic environment, we are particularly interested in research that protects users' privacy, ensures the integrity of our technologies, as well as prevents financial fraud or other harms at scale.

Research in the product abuse space helps us deliver trusted and safe experiences to our users. Martin Vigo's research on Google Meet's dial-in feature is one great example of an 31337 report that allowed us to better protect users against bad actors. His research provided insight on how an attacker could attempt to find Meet Phone Numbers/Pin, which enabled us to launch further protections to ensure that Meet would provide a secure technology connecting us while we're apart.

New Reward Amounts for Abuse Risks

What’s new? Based on the great submissions that we received in the past as well as feedback from our Bug Hunters, we increased the highest reward by 166% from $5,000 to $13,337. Research with medium to high impact and probability will now be eligible for payment up to $5,000.

What did not change? Identification of new product abuse risks remains the primary goal of the program. Reports that qualify for a reward are those that will result in changes to the product code, as opposed to removal of individual pieces of abusive content. The final reward amount for a given abuse risk report also remains at the discretion of the reward panel. When evaluating the impact of an abuse risk, the panels look at both the severity of the issue as well as the number of impacted users.

What's next? We plan to expand the scope of Vulnerability Research Grants to support research preventing abuse risks. Stay tuned for more information!

Starting today the new rewards take effect. Any reports that were submitted before September 1, 2020 will be rewarded based on the previous rewards table.

We look forward to working closely together with the researcher community to prevent abuse of Google products and ensure user safety.

Happy bug hunting!

Google

Libellés : Security

Aucun commentaire :

Publier un commentaire

Libellés

#sharethemicincyber
#supplychain #security #opensource
android
android security
android tr
app security
big data
biometrics
blackhat
C++
chrome
chrome enterprise
chrome security
connected devices
CTF
diversity
encryption
federated learning
fuzzing
Gboard
google play
google play protect
hacking
interoperability
iot security
kubernetes
linux kernel
memory safety
Open Source
pha family highlights
pixel
privacy
private compute core
Rowhammer
rust
Security
security rewards program
sigstore
spyware
supply chain
targeted spyware
tensor
Titan M2
VDP
vulnerabilities
workshop

Archive

2024
- nov.
- oct.
- sept.
- août
- juill.
- juin
- mai
- avr.
- mars
- févr.
- janv.

2023
- déc.
- nov.
- oct.
- sept.
- août
- juill.
- juin
- mai
- avr.
- mars
- févr.
- janv.

2022
- déc.
- nov.
- oct.
- sept.
- août
- juill.
- juin
- mai
- avr.
- mars
- févr.
- janv.

2021
- déc.
- nov.
- oct.
- sept.
- août
- juill.
- juin
- mai
- avr.
- mars
- févr.
- janv.

2020
- déc.
- nov.
- oct.
- sept.
- août
- juill.
- juin
- mai
- avr.
- mars
- févr.
- janv.

2019
- déc.
- nov.
- oct.
- sept.
- août
- juill.
- juin
- mai
- avr.
- mars
- févr.
- janv.

2018
- déc.
- nov.
- oct.
- sept.
- août
- juill.
- juin
- mai
- avr.
- mars
- févr.
- janv.

2017
- déc.
- nov.
- oct.
- sept.
- juill.
- juin
- mai
- avr.
- mars
- févr.
- janv.

2016
- déc.
- nov.
- oct.
- sept.
- août
- juill.
- juin
- mai
- avr.
- mars
- févr.
- janv.

2015
- déc.
- nov.
- oct.
- sept.
- août
- juill.
- juin
- mai
- avr.
- mars
- févr.
- janv.

2014
- déc.
- nov.
- oct.
- sept.
- août
- juill.
- juin
- avr.
- mars
- févr.
- janv.

2013
- déc.
- nov.
- oct.
- août
- juin
- mai
- avr.
- mars
- févr.
- janv.

2012
- déc.
- sept.
- août
- juin
- mai
- avr.
- mars
- févr.
- janv.

2011
- déc.
- nov.
- oct.
- sept.
- août
- juill.
- juin
- mai
- avr.
- mars
- févr.

2010
- nov.
- oct.
- sept.
- août
- juill.
- mai
- avr.
- mars

2009
- nov.
- oct.
- août
- juill.
- juin
- mars

2008
- déc.
- nov.
- oct.
- août
- juill.
- mai
- févr.

2007
- nov.
- oct.
- sept.
- juill.
- juin
- mai

Feed

Follow

Give us feedback in our Product Forums.

Google
Privacy
Terms