http://www.theregister.co.uk/2010/07/20/google_bug_bounty/ By Dan Goodin in San Francisco The Register 20th July 2010 Two days after Mozilla sextupled the bug bounty paid to security researchers to $3,000, Google has upped the ante for vulnerabilities that are reported in its Chrome browser. In a continuing play on elite hacker speak, Google will begin paying as much as $3,133.70 for the most critical bugs that are brought to its attention, the company announced Tuesday. Google began paying rewards in January with a sum of $1,337 for the most critical vulnerabilities. At the time, Mozilla was paying only $500 for the most serious flaws brought to its attention. “It has been approximately six months since we launched the Chromium Security Reward program,” Google's announcement stated. “Although still early days [sic], the program has been a clear success. We have been notified of numerous bugs, and some of the participants have made it clear that it was the reward program that motivated them to get involved with Chromium security.” The bidding war is good news for private security researchers who frequently complain they are uncompensated when they warn software makers of serious bugs that imperil their users. That longstanding arrangement allows the companies to benefit off the work of others and creates a sense that they are entitled to the information, the researchers have said. [...] _________________________________________________________________ Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada July 24-29th, offering over 60 training sessions and 11 tracks of Briefings from security industry elite. To sign up visit http://www.blackhat.comReceived on Wed Jul 21 2010 - 00:47:11 PDT
This archive was generated by hypermail 2.2.0 : Wed Jul 21 2010 - 00:57:41 PDT