Google on Tuesday celebrated the anniversary of its Vulnerability Rewards Program (VRP) by launching bughunters.google.com, a site that brings together all of the VRPs it has for Google, Android, Abuse, Chrome, and Play, and puts them on a single intake form that aims to make it easier for bug hunters to submit issues.
Along with the single intake form, Google touts a more interactive, gamified site that offers per-country leaderboards and awards for finding certain bugs. The site also features opportunities for bug hunters to improve their skills through Bug Hunter University.
Cyber defense stands to benefit from more and better crowdsourcing opportunities, said Hitesh Sheth, president and CEO at Vectra.
“Some believe information sharing heightens risk, if only the erosion of some competitive edge,” Sheth said. “But in truth, if all the white hats work in isolation, the all-too-frequent results are duplication of effort, missed signals, and unwanted outcomes. Another community of strong actors dedicated to better security through information sharing is a net positive step. Remember, the black hats collude against us this way every hour of the day.”
Hank Schless, senior manager, security solutions at Lookout, added that Google has done a great job of essentially crowdsourcing their bug and vulnerability reporting, and with this new program they’ll grow their community.
“Google has always taken a more open approach to its software than comparable companies,” he said. “Android, for example, is built on open-source technology that enables more customization of the OS. Relying on others to help report on issues is a key part of creating a secure customer experience that can continue to improve.”