Google has announced a new experimental Abuse Research Grants Program for abuse-related tactics and product issues outside the scope of existing Vulnerability Research Grants and the Vulnerability Reward Program (VRP).
Grant amounts for the new Abuse Research Grants Program will vary from $500 up to $3,133.7 and will be awarded up-front before the researchers submit a bug found in Google features and products.
“Aimed at rewarding researchers looking for abuse related methodologies and sensitive product issues outside the scope of traditional security vulnerabilities,” Google says.
“We want to support external research that helps Google stay ahead of abuse and deliver trusted and safe experiences to users.”
How the new research grants program works
The goal of the new Abuse Research Grants Program is to support researchers’ efforts to find vulnerabilities in Google’s products, and it is expected that, in some cases, no vulnerabilities will be discovered.
Researchers’ chances to receive new grants will not be affected by failing to find new bugs after being awarded a research grant.
“With our new Abuse Research Grants Program, we hope to bring even more awareness to product abuse by connecting more closely with our experienced researchers – so we can all work together to overcome these challenges, prevent product abuse and keep our users safe,” the Google VRP Team added.
This is how the new research grants program works, according to Google:
- Google invites the top abuse researchers to the program.
- Grants are immediately awarded before research begins, with no strings attached.
- Bug Hunters apply for the targets Google shares with them and start their research.
- On top of the grant, researchers are eligible for regular rewards for the bugs they discover in the scope of Google’s VRP Bug Bounty program.
Over 1,000 bugs reported in the three years
Google first launched its experimental Vulnerability Research Grants in January 2015 to complement its long-running Vulnerability Reward Program.
The end goal of the research grants is to reward security researchers’ efforts who look into the security of Google services and products even if no vulnerabilities are found.
Since its launch, the program has proved remarkably successful with researchers’ contributions resulting in over 1,000 valid bugs mitigated to combat abuse risks that could lead to unexpected damage to users or Google’s platform.
Source: https://www.bleepingcomputer.com/news/security/google-announces-new-experimental-abuse-research-grants-program/