Google unveils new Vulnerability Reward Program Initiatives for Android

The Google logo

One of the ways Google discovers security issues in Android is through its Vulnerability Reward Program. Researchers are able to submit Android vulnerabilities they discover, allowing Google to fix them. To improve the system, Google is adding a new quality rating system for security vulnerability reports that have a higher impact.

Under the new regime, vulnerability reports will be rated as High, Medium, or Low quality based on the amount of detail provided in the report. Google hopes the new system will encourage researchers to submit more detailed reports so it can address the issues more quickly. As a byproduct of this, it expects that researchers will receive higher bounty rewards.

In addition to the report quality rating system, Google is increasing the rewards for the most critical vulnerabilities up to $15,000. This should make it more appealing for researchers to spend time looking for bugs in Android, rather than some other company’s product.

Google said that it’s looking for accurate and detailed descriptions, root cause analysis, proof-of-concept, reproducibility, and evidence of reachability in reports. Google also said it will no longer give moderate severity issues a Common Vulnerabilities and Exposures (CVE) designation but will only do so for critical and high severity issues. If you’re interested in getting involved, check out Google’s public rules page.

Report a problem with article
The Xbox logo surrounded by rings
Next Article

Latest Xbox Insider Alpha and Alpha Skip-Ahead update adds Rewards points to the Home screen

Bing logo in front of Bing Chat
Previous Article

Microsoft Bing Chat starts rolling out its promised copying, sharing and export features

Join the conversation!

Login or Sign Up to read and post a comment.

1 Comment - Add comment

Advertisement