"Google Debuts Quality Ratings for Security Bug Disclosures"

Google and Android recently announced that, to encourage more comprehensive submissions, they will now assess device vulnerability disclosure reports based on the level of information that bug hunters provide. According to Google, vulnerability reports submitted to the Android and Google Vulnerability Reward Program (VRP) will be rated as "High," "Medium," or "Low" quality based on these elements: the accuracy and detail of the vulnerability description, analysis of its root cause, proof of concept, reproducibility, and evidence of reachability. Google and Android have also upped the top bug bounty prize to $15,000. Additionally, as of March 15th, 2023, Android is no longer assigning Common Vulnerabilities and Exposures (CVEs) to moderate severity issues. CVEs are still being assigned to critical and high severity vulnerabilities. In 2022 alone, Google's VRPs paid out a record-setting $12 million in bug bounties.

 

Dark Reading reports: "Google Debuts Quality Ratings for Security Bug Disclosures"
