Google Debuts Quality Ratings for Security Bug Disclosures

Published: 23/11/2024   Category: security




New rules aim to level up the quality of submissions to the Google and Android device Vulnerability Reward Program.



Google and Android will now assess device vulnerability disclosure reports based on the level of information that bug hunters provide in order to encourage more comprehensive submissions.
Vulnerability reports submitted to the Android and Google Vulnerability Reward Program (VRP) will be rated as High, Medium, or Low quality based on these elements, according to Google Security:
The accuracy and detail of the vulnerability description
Analysis of its root cause
Proof of concept
Reproducibility
Evidence of reachability
Google and Android have also upped the top bug bounty prize to $15,000.
Additionally, starting March 15th, 2023, Android will no longer assign Common Vulnerabilities and Exposures (CVEs) to most moderate severity issues, the Google Security blog post announcing the VRP changes said. The CVEs will continue to be assigned to critical and high severity vulnerabilities.
Bugcrowd founder and chief technology officer (CTO) Casey Ellis applauds the effort by Google to define the elements of a high-quality vulnerability disclosure.
"Nothing happens without effective communication. ... The power of crowdsourcing brings with it variability in how vulnerability submitters communicate, and the downstream effectiveness of the report at communicating the risk to those who need to fix it," Ellis says, in response to the new VRP rules. "Google stepping up to help educate the hacker community on the things which make communication more effective is an enormous win for both the space and the community itself."
In 2022 alone, Google's VRPs paid out a record-setting $12 million in bug bounties.
