Blog Posts

Here's a list of blog posts we've made along the years related to the Vulnerability Reward Program.

  1. https://blog.chromium.org/2010/01/encouraging-more-chromium-security.html

    1. Chromium launches it's own VRP, similar to Mozilla's

  2. https://security.googleblog.com/2010/11/rewarding-web-application-security.html

    1. Google launches it's VRP, following Chrome's (this was the first 1337 reward, to answer her question)

  1. https://blog.chromium.org/2012/08/chromium-vulnerability-rewards-program.html

    1. Larger rewars for Chrome

  1. https://blog.chromium.org/2012/10/pwnium-2-begins.html

    1. Chrome runs Pwnium 2 on HITB

  1. https://security.googleblog.com/2013/06/increased-rewards-for-googles-web.html

    1. Google increases rewards (2x) for XSS and a few other types of bugs

  1. https://security.googleblog.com/2013/08/security-rewards-at-google-two.html

    1. Google+Chrome reach the 2MUSD mark

  1. https://security.googleblog.com/2013/10/going-beyond-vulnerability-rewards.html

    1. Launch of Patch Rewards, for OSS

  1. https://security.googleblog.com/2015/01/security-reward-programs-year-in-review.html

    1. We launch Research Grants, paying people before they find any bugs

  1. https://security.googleblog.com/2015/02/pwnium-v-never-ending-pwnium.html

    1. Last Pwnium organized by Chrome, it becomes a forever-running contest

  1. https://security.googleblog.com/2015/06/announcing-security-rewards-for-android.html

    1. Android VRP is launched

  1. https://drive.googleblog.com/2015/12/keeping-things-safe-should-be-rewarded.html

    1. 1MUSD of budget for Grants allocated by Google Drive

  1. https://security.googleblog.com/2016/01/google-security-rewards-2015-year-in.html

    1. Year in review summary from previous year, we talk about the $6006.13 reward to Sanmay

  1. https://security.googleblog.com/2016/06/one-year-of-android-security-rewards.html

    1. Android VRP is one year old, and issued a lot of rewards

  1. https://googleprojectzero.blogspot.com/2016/09/announcing-project-zero-prize.html

    1. Project Zero prize (something like pwnium, but for Android) launched

  1. https://security.googleblog.com/2017/01/vulnerability-rewards-program-2016-year.html

    1. Year in review summary for previous year, we talk about dancing alert() videos, donations and some of our Indian researchers

  1. https://security.googleblog.com/2017/02/80211s-security-and-google-wifi.html

    1. We announced that Google WiFi and OnHub are in scope of the Google VRP

  1. https://security.googleblog.com/2017/03/vrp-news-from-nullcon.html

    1. We increased reward amounts again, this time from 20k to 31,133.7 USD