Under the terms of the new initiative, every security researcher who has submitted at least two successful security vulnerability reports to Google over the past two years is eligible for a one-time $1,337 research grant.
This is an extension of the Vulnerability Research Grant launched by Google in January 2015 to complement its Vulnerability Reward Program (VRP), which pays researchers bug bounties on a per-bug basis.
Google hopes the additional financial support will help to protect users of its many services as the number of cyber-attacks surges during the coronavirus pandemic.
“We understand the individual challenges COVID-19 has placed on the research community are different for everyone and we hope that these grants will allow us to support our bug hunters during these uncertain times,” said Anna Hupa, senior strategist for trust and safety at Google, in a blog post yesterday (April 20).
As with other Google Vulnerability Research Grants, successful applicants will still be eligible for VRP rewards if their research efforts uncover security flaws.
Also in line with the other grants, bug hunters will be given the option to donate the funds to a worthy cause, in this instance to charities undertaking work related to Covid-19, which Google will match “within our discretion”.
Google security researchers donated a record-breaking $500,000 to charity last year from their bug bounty earnings.
Nine years after the launch of VRP, the total value of rewards generated under the program was also unparalleled in 2019, with Google paying out over $6.5 million in bug bounties – double that of any other year.