How to receive Google rewards if failures are noticed in its services

Google has an initiative that seeks to improve the security of its services with the help of the community. This is the Vulnerability Reward Program (VRP), which invites security researchers to report bugs in their systems, with the aim of making them more secure.

The company pays these specialists for the time and effort they spend on this task.

The company recently reported that a record $8,700,000 was invested. The figure represents a significant leap from the $6.7 million invested last year.

In turn, the company mentioned on its blog that the award-winning researchers donated more than $300,000 of their rewards to charities of their choice.

What type of incidents can be reported and how to report them

In principle, any web service owned by Google or a subsidiary of Alphabet (Bet) that handles reasonably sensitive user data is within the scope of the VRP program.

This includes bugs in Google Cloud Platform, applications and extensions developed by Google and Verily Life Sciences (published on Google Play, Apple App Store or Chrome Web Store), as well as some of the hardware devices in the company such as Home, OnHub or Nest, among others. Those who find errors and want to report them should enter this form.

Vulnerabilities within Android

Within the program to report vulnerabilities, there is one intended to report bugs within the Android ecosystem, one of the most popular and interesting since the mobile operating system is one of the most used in the world.

Here are rewards that go up to one million dollars, such as those vulnerabilities linked to code execution in the Pixel Titan M.

Reward amounts vary depending on the severity of the error, as well as the type of report presented when identifying them.

Higher values are paid for full reports that include a high-quality proof of concept that is played on a recent version of Android. To report incidents within the Android ecosystem as well as to obtain more technical details about them, please enter here.

It should be noted that according to the latest statement released by Google, total expenditures on Android doubled in 2021: almost $3 million in rewards, whose highest payment was $157,000 - the largest in its history - was paid to researchers who warned the critical exploitation chain CVE-2021-39698.

Scholarship program

On the other hand, researchers can also be part of the experimental grant program for vulnerability research, a scholarship system aimed at those who wish to analyze in detail the security of their products and services. To sign up for this program you must enter here.

Grant amounts range from $500 to $3,133.7, depending on the type of incident being reported. Six years after the launch of this initiative, Google assured that in 2021 it granted more than $200,000 in grants to more than 120 security researchers around the world.

Android Chipset Security Rewards

He also highlighted that in 2021 an Android Chipset Security Rewards Program (ACSRP) was launched, a vulnerability reward program offered by Google in collaboration with the manufacturers of these components developed by Android.

This is a private project that interested parties can only join by invitation. In total, the ACSRP paid more than $296,000 for more than 220 valid security reports to these researchers.

For its part, Chrome VRP has also recorded record numbers, as 115 researchers of this vulnerability program were rewarded by 333 unique reports of security bugs.

Big Hunting Community

Last year, the company launched Google Bug Hunting Community, a public research portal aimed at keeping Google products (Android, Chrome and Google Play) and the Internet safe and secure.

It is a platform that opens with a single security form that allows users and researchers to report security errors and offers interactive opportunities through games and country leaderboards, among others. To be part of this program you have to enter here.

Those interested in strengthening their learning in this regard can access the content available Bughunter University, which includes recommendations and tricks to detect these problems.

KEEP READING: