Thursday, December 5, 2024

New Android & Google Device Vulnerability Reward Program – Rewards of up to $15,000!

Google’s Device Vulnerability Reward Program helps the company identify security flaws in its operating system and devices.

To promote additional security research in areas of their products that will have a greater impact and protect the users’ security, Google is launching a new quality rating system for security vulnerability reports.

“We are pleased to announce that we are implementing a new quality rating system for security vulnerability reports to encourage more security research in higher impact areas of our products and ensure the security of our users,” Google said.

Based on the level of information given in the report, this system will assign vulnerability reports a High, Medium, or Low-quality rating. Further, Google is raising the incentives for the most critical flaws to $15,000.

“The highest quality and most critical vulnerabilities are now eligible for larger rewards of up to $15,000!” Google said.

Significant Elements of the Report

  • Accurate and detailed description

A report should correctly and completely characterize the vulnerability, including the name and version of the affected device.

  • Root cause analysis

A report should include a proof-of-concept that successfully demonstrates the vulnerability, which may comprise video recordings, debugging output, or other pertinent data.

  • Reproducibility

A report should contain a step-by-step procedure for reproducing the vulnerability on an eligible device running the most recent version.

  • Evidence of reachability

A report should include evidence or analysis demonstrating the type of problem and the level of access or execution obtained.

Google also said it would no longer assign Common Vulnerabilities and Exposures (CVE) identifiers to issues of moderate severity, only to those of critical and high severity.

“Starting March 15th, 2023, Android will no longer assign Common Vulnerabilities and Exposures (CVEs) to the most moderate severity issues. CVEs will continue to be assigned to critical and high-severity vulnerabilities,” Google said.

Google believes encouraging researchers to produce high-quality reports would strengthen the overall security community and its ability to take appropriate action.

“We believe that this new system will encourage researchers to provide more detailed reports, which will help us address reported issues more quickly and enable researchers to receive higher bounty rewards,” Google said.

Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
