Just finding the security bug is paid by Google, Vietnamese white hat hackers can join

Tram Ho

Recently, the fact that a series of applications with hundreds of millions of downloads on Google Play was found embedded with malicious code has made many technology users feel insecure. Notably, these malicious codes were implemented by a third party by taking advantage of security holes, silently injecting malware into the latest software updates. More seriously, the app developer himself doesn’t allow or even even know it.

Concerns from users and media have forced Google to be more drastic to resolve this serious incident. The first measure was taken by Google, when the technology company recently announced it would make a series of major changes to the “bug hunting rewards” program, otherwise known as the official Google Play Security. Reward Program (GPSRP).

Cứ tìm ra lỗi bảo mật là được Google trả tiền, hacker mũ trắng Việt Nam có thể tham gia - Ảnh 1.

The most important change with GPSRP comes from scaling up the program. Previously, Google only rewarded developers for discovering security issues in its own eight major applications, so with the latest changes, they could receive bonuses up to. $ 30,000 for finding vulnerabilities in applications on the Google Play Store. More specifically, “bug-reward-hunting” program will apply to applications with more than 100 million downloads on the Play Store.

In case security researchers find security holes in a common application (but without a bounty program), Google will help white-hat hackers to notify identified vulnerabilities to developers. The application is affected, and the reward payment is also made.

Meanwhile, for applications that have their own “bug-hunting” programs, security researchers can receive bonuses from both the application developer and Google, through the GPSRP program. .

Cứ tìm ra lỗi bảo mật là được Google trả tiền, hacker mũ trắng Việt Nam có thể tham gia - Ảnh 2.

With the expansion of GPSRP to non-Google applications, the Silicon Valley-based company expects security researchers to be more actively involved in detecting and reporting serious security errors. . At the same time, GPSRP is also expected to limit security researchers from disclosing themselves, or even selling information about security holes to dangerous groups of hackers.

Currently, there have been a number of app developers participating in this new Google “bug-hunting” program, including popular applications such as Grammarly, Livestream, Priceline, Shopify, Showmax, Spotify, Sweatcoin and Zomato. .

Reference The Forbes

 

 

Share the news now

Source : Trí Thức Trẻ