How to Earn Money by Disclosing Google Security Flaws

Bug hunting can be a lucrative hobby. Here is how you can earn money by disclosing Google security flaws. As you may not know, some “white hat” hackers do it full-time, and bug bounty programs let you join. You’ll get money and credit, and Google has begun a scheme to reward bug finders in open-source software.


Google Open-Source Software Vulnerability Rewards Program

Open-source software must be secure because many organizations use it. Cybercriminals exploit security weaknesses and vulnerabilities to steal data, hidden charges, bank accounts, and cryptocurrencies.

Google expanded its vulnerability rewards program to cover open-source software due to increased hacker incidents.

In particular, the OSS VRP is concerned with the latest versions of software stored in Google’s public repositories on GitHub and a few other platforms. The configuration settings of these repositories are also in the program’s scope.

Accepted Vulnerability Reports

The OSS VRP at Google divides bugs and security holes into three main project tiers. The flagship OSS projects, standard OSS projects, and low-priority OSS projects are listed in order of importance. The software automation tool Bazel, the programming language Golang, and the Fuchsia operating system are all flagship projects.

Bugs are also put into three groups, with supply chain compromises being the most important. Product vulnerabilities and other security issues are next on the list.

How Much Can You Earn?

The payout depends on the bug’s severity and classification. You can get up to $31,337 (₱1.76 million), while the minimum reward is $100 (₱5,600). Reports on low-priority projects, ancient ones, are not rewarded.

You can donate your reward to a charity if you want something other than money. Public acknowledgment (if you desire to be thanked) and bug-hunting skills can be valuable for job seekers.

Residents of some countries, like Cuba and North Korea, are not eligible because of sanctions and legal issues. Employees of Google and companies that work with Google are also not eligible for rewards.

Last year, Google gave $8.7 million to people who found bugs.

How Do You Disclose Google Security Vulnerabilities?

To send in a report, you need to go to the Google product form page for VRP. You’ll need to make a profile as a bounty hunter and sign in. Then, as you go through the five steps, you’ll need to fill in the necessary information. You will be asked to explain the bug, where it is, what problems it causes, and which products or websites it affects. One of the steps is to give technical information, such as how to reproduce the bug, exploits that show how it works, and crash dumps.

After you send in your bug report, you’ll get an email letting you know it was received. Within the next 14 days, someone from Google will check if your report is accurate and may get in touch with you for more information. They will also figure out how bad the bug is. If the report is correct, someone will contact you about the reward.


