Recently, Google posted on its security blog: Thanks to the efforts of researchers who find vulnerabilities, the 2021 Vulnerability Reward Program (VRP) has issued a total of $8.7 million in bug bounties, and researchers will also receive 30% of the rewards. $10,000 was donated to charity.
In 2021, Google also launched a new bug bounty platform - Bug Hunters, which provides researchers with a unified entry to submit bugs in Google, Android, Chrome, Google Play, etc., simplifying the process.
In order to motivate researchers to participate more in this program, the platform has also introduced some leaderboard functions that are common in games. In this leaderboard, users can sort researchers by country, time, activity and other indicators, as well as display Rewards and badges for certain exploits.
Android
Compensation for Android Bug Bounty Program researchers doubled in 2021, compared to 2020, to nearly $3 million. And issued the highest system bug bounty in the history of Android VRP of $157,000.
Chrome
Google awarded $3.3 million to 115 researchers who submitted 333 Chrome security vulnerability reports. Of this, $3.1 million is for Chrome browser security bugs and $250,500 is for Chrome OS bugs, including a $45,000 reward for a single Chrome OS security bug and a $27,000 maximum reward for a single Chrome browser security bug.
Google Play
Google Play paid out $550,000 to more than 60 security researchers.
KCTF
The November 2021 kCTF cluster reward amount has been expanded from $5,000-10,000 to $31,337-50,337.
GCP
The GCP bug bounty, established in 2019, was awarded to researcher Ezequiel Pereira for finding an RCE vulnerability in Google Cloud Deployment Manager, totaling $133,337.
Finally, Google said that in the future, it will actively listen to the opinions of researchers and continue to improve the Bug Hunters platform.
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。