Working with security researchers to make the web safer for everyone

What do a 19-year-old researcher from Uruguay, a restaurant
owner from Cluj, Romania and a Cambridge professor have in common?
They’re all security researchers—a global community of
professionals, academics, students and hobbyists who are essential
to the safety of our products and the web as a whole. We’re
grateful to be a part of this community and support their work in a
bunch of ways, including the Vulnerability Rewards Program and our
2018 Privacy and Security academic research awards.

Vulnerability Reward Program: Year in Review

Whether it’s been written by a PhD or a hobbyist, software
inevitably has bugs that make it behave in unexpected ways. The
important thing is that bugs are identified and patched as quickly
as possible. Back in 2010, we started the Vulnerability Reward
Program to get help from the security research community in
identifying and reporting bugs in Google apps and software. The
goal of the program is simple: encourage researchers to report
issues so that we can fix them quickly and keep users’ data
secure. We also provide financial rewards for bug reporters,
ranging from $100 to $200,000, based on the risk level of their
discovery. 

Since
2015
, we’ve taken a look back at what VRP researchers have
done to help make Google users safer. Here’s 2018, by the
numbers:

vrp2018

Thanks to researchers from all around the world, we’ve been
able to patch all different types of bugs. Ezequiel Pereira, a
19-year-old researcher from Uruguay, uncovered a Remote
Code Execution
“RCE” bug that allowed him to gain remote access
to our Google Cloud Platform console. Tomasz Bojarski from Poland
discovered a bug related to Cross-site scripting (XSS), a type of
security bug that can allow an attacker to change the behavior or
appearance of a website, steal private data or perform actions on
behalf of someone else. Tomasz was last year’s top bug hunter and
used his reward money to open a lodge and restaurant. After Dzmitry
Lukyanenka, a researcher from Minsk, Belarus, lost his job, he
began bug-hunting full-time and became part of our VRP grants
program
, which provides financial support for prolific
bug-hunters over time.

Security and Privacy Research awards

We’ve also worked closely with leading security and privacy
experts in academia, collaborating when we can provide the
technology needed to carry out specific
research
projects. Academic breakthroughs help improve data
privacy and security for years to come. Last year, we
announced
the Security and Privacy research awards, a new
effort to recognize academics who have made major contributions to
the field. Awards winners are selected by a committee of senior
security and privacy researchers at Google.

Today, we’re revealing the 2018 winners—and on their behalf,
we’re making a financial contribution to their universities
totaling more than half a million dollars:

Whether they’re finding bugs today or making breakthroughs
that will protect the web years into the future, the security
research community is making everyone’s information safer online.
We’ll continue to do our part to support it.

Source: FS – Social Media Blogs 2
Working with security researchers to make the web safer for everyone