Google launched its bug bounty program more than ten years ago now, and it's safe to say it's been a big success. Last year alone, the company paid out a whopping $6.7 million to independent researchers who discovered issues with its products. As it heads into its second decade, Google's Vulnerability Rewards Program (or VRP) has shared some details surrounding its accomplishments, along with a major reinvention of the entire platform.
Since VRP launched in November 2010, over 11,000 bugs have been found and rewarded, with over 2,000 contributors in 84 countries working to strengthen Google's apps. As a bug bounty service, it's paid out $29,357,516 — that's an average of nearly $15,000 per researcher. To attract new supporters, Google is relaunching the VRP with a new website that unites all five of its targeted services (Android, Abuse, Chrome, Play, and Google itself) into a single platform.
Alongside this reinvention comes a whole slew of new mechanics to make bug hunting all the more enticing. Gamification elements, including country-based leaderboards, awards, and badges, all help to push users to work harder in discovering vulnerabilities. Google is also placing a stronger emphasis on educating anyone who wants to jump into the VRP with Bug Hunter University, filled with explainers and tutorials for anyone diving in headfirst. A streamlined submission process keeps things clear and easy to follow. Finally, Google promises bug hunting swag for special occasions is coming soon, a fan-favorite request finally fulfilled.
If you've been looking for a chance to join up with the VRP, this seems as good an opportunity as any. According to today's blog post, Google hired nearly 20 employees thanks to their experience with bug hunting. These new gamification and education elements make it that much easier to jump in, so head on over to the Bug Hunters website if you're ready to get started.