[ISN] Google Chrome bug bounty ups Mozilla's ante

From: InfoSec News <alerts_at_private>
Date: Wed, 21 Jul 2010 02:47:11 -0500 (CDT)

By Dan Goodin in San Francisco 
The Register
20th July 2010

Two days after Mozilla sextupled the bug bounty paid to security 
researchers to $3,000, Google has upped the ante for vulnerabilities 
that are reported in its Chrome browser.

In a continuing play on elite hacker speak, Google will begin paying as 
much as $3,133.70 for the most critical bugs that are brought to its 
attention, the company announced Tuesday. Google began paying rewards in 
January with a sum of $1,337 for the most critical vulnerabilities. At 
the time, Mozilla was paying only $500 for the most serious flaws 
brought to its attention.

“It has been approximately six months since we launched the Chromium 
Security Reward program,” Google's announcement stated. “Although still 
early days [sic], the program has been a clear success. We have been 
notified of numerous bugs, and some of the participants have made it 
clear that it was the reward program that motivated them to get involved 
with Chromium security.”

The bidding war is good news for private security researchers who 
frequently complain they are uncompensated when they warn software 
makers of serious bugs that imperil their users. That longstanding 
arrangement allows the companies to benefit from the work of others and 
creates a sense that they are entitled to the information, the 
researchers have said.


Received on Wed Jul 21 2010 - 00:47:11 PDT
