Updated the 0x0A list for 2015

Hey! We finally decided all the rewards from 2015. That means we have updated the 0x0A list! This counts all reports since the start of the program up to today, with some additional points to those that donated their rewards to charity, and some additional points to those that reported bugs recently.

Take a look at the new list here:

Some of the highlights:
* +Tomasz Bojarski took over the 0x00 place. Well done!
* The top 5 remain the same, although +João Lucas Melo Brasio went up one spot to the 0x02 place.
* +Adi Ivascu and +panda boo were the fastest-rising researchers this year. They have almost the same score.
* We got a newcomer on the 0x05 place. Maybe we'll announce who that is soon.
* And +Michał Bentkowski is a newcomer to the 0x0A place.

Congratulations to all of you!! And hope 2016 is as good of a year as 2015 was :).

Post has attachment
Hello Everyone!

We just wanted to let you all know that we will be using Twitter instead of G+ going forward:

The reasons are mostly because we noticed you are all using Twitter for the purpose of what we wanted this to become, so we'll embrace that :)

Post has attachment
Very Happy New Year 2017 everyone!
Wish you all the best & lots of success :~)

Also here is one of my more favorite bugs of the last year in Google...
Hope you like it!

Post has attachment
While open redirects are meh most of the time for the VRP, sometimes they allow for interesting bug chains like this one. Take a look at how Tomasz Bojarski exploited not one, but two open redirects for a neat XSS!

Post has attachment

Will it be a Google G zero event as last year?

Post has attachment
We've published a writeup on one of the best account recovery reports we've received so far. It's from Ramzes, involves a nice chain of bugs to take over an arbitrary user's account, and it was worth $12,500 thanks to the Bug Chain Bonus. Enjoy! :)

Post has attachment
Happy New Year 2016 to you all!

Hope you had a great year to remember and hope the next one will be even better :-)

Personally, I had quite a fruitful 2015 as I managed to get 70 valid reports to Google VRP alone and I would like to share with you one of my more interesting discoveries. Hope you like it ;~)

- Happy Bug Hunting! -

Post has attachment

Thank you all for all the help during 2015.

For now, a bunch of the Google Security Team is on vacation, so we might be slower to respond on Twitter and G+, but for urgent issues we had some brave colleagues looking after reports you send during the holidays via

In other news, we just made a small announcement for Grants (link below); the first run will be sent at the beginning of 2016 :-)

Good luck, and have fun!
