Welcome to Bug Hunter University
Target recommendations
Our suggested bug targets and where to start hunting them.
Master your reporting
Reports that clearly and concisely identify the affected component, present a well-developed attack scenario, and include clear reproduction steps are quicker to triage and more likely to be prioritized correctly.
- Watch
google security |
What is a security vulnerability?
Invalid reports
Approximately 90% of the submissions we receive through our vulnerability reporting form are ultimately deemed to have little or no practical significance to product security and are thus invalid and do not qualify for a reward. In the spirit of openness, we have published a group of articles outlining some of the most common non-qualifying report types, with a brief explanation of our reasoning behind not treating them as a security risk.
Rewarded reports
Explore thousands of successful submissions and see what makes a reward-worthy report.
report a bug
Found something? Report it here
PRESENTATIONS