Image

Image

The technology (product and protection) is changing, the actors are changing, and the field is growing. Within this dynamic environment, we are particularly interested in research that protects users' privacy, ensures the integrity of our technologies, as well as prevents financial fraud or other harms at scale.The employees made the point that some things hadn't changed, however. For instance, they emphasized that the bug bounty rewards still pertained to issues in which a malicious actor could potentially change a product's code. Those awards did not include the removal of abusive content at the time when Henson and Hupa disclosed the above-mentioned changes. Per these employees' announcement, Google would reward all reports of product abuse submitted before September 1 using its old rewards scheme. It would use its new award framework for reports submitted on or after September 1. Google had received more than 750 reports of previously unknown product abuse issues through its bug bounty program at the time of Henson and Hupa's blog. News of these increased reward amounts arrives approximately one year after Google expanded the scope of its Vulnerability Reward Program (VRP) to take product abuse risks into account.