Google has already established a well-known Vulnerability Reward Program (VRP) for bug bounty hunters. However, the scope of the existing VRP misses out on some issues related to product abuse research. Hence, Google has now announced the launch of an experimental Abuse Research Grants Program covering such issues.
About Google Abuse Research Grants Program
Through a recent blog post, Google has announced the launch of a new experimental research grants program. Dubbed Abuse Research Grants Program, this dedicated effort will let Google better connect with and reward the researchers.
As elaborated in their post, the new grants program will work in addition to the existing Vulnerability Research Grants that the tech giant introduced in 2015. Under those research grants, Google would reward the researchers upfront for researching potential bugs in Google products. Under these grants, the tech giant would reward the bug hunters even if no bugs existed.
While it was a broad-scope program, it still missed out on some issues that Google believes the new Abuse Research Grants Program will cover. Whereas, like other research grants, this program will also reward the researchers upfront.
As stated in the post from the Google VRP Team,
With our new Abuse Research Grants Program, we hope to bring even more awareness to product abuse by connecting more closely with our experienced researchers – so we can all work together to overcome these challenges, prevent product abuse and keep our users safe.
Regarding how it’ll work, the tech giant will directly invite the researchers to the program. The researchers will receive upfront grants to start their work on the given target products. Google will share the list of programs with the researchers at the time of awarding the grants.
As for the rewards, the Vulnerability Research Grant Rules page mentions the amounts starting from $500 (USD) up to $3,133.7.
Together with these rewards, the researchers will also remain eligible for regular bug bounties as per the scope.