Google offers bounty for Chrome bug catchers
By Stewart Mitchell
Posted on 1 Feb 2010 at 10:14
Google is to offer a bounty for anyone spotting security vulnerabilities in the Chrome browser and its underlying open-source code, the company has announced.
The search and software giant will pay a standard $500 (£314) for new security bugs reported to the Chromium project, with spotters of particularly severe bugs eligible for a $1,337 (£840) finder's fee.
“We're always looking to stay on top of the latest browser security features," said Chrome security expert Chris Evans on the Chromium project's blog. "Some of the most interesting security bugs we've fixed have been reported by researchers external to the Chromium project.
“We are hoping that the introduction of this program will encourage new individuals to participate in Chromium security. We will typically focus on high and critical impact bugs, but any clever vulnerability at any severity might get a reward."
The move mirrors the strategy employed by the Mozilla open-source software project, which operates a long-running vulnerability reward system for external experts spotting flaws in its security.
According to Google, any bug filed through the company's Chromium bug tracker under the template "Security Bug" will qualify for consideration.
However, Google employees looking to top up their wages with insider secrets won't be able to able to claim any reward. “Obviously, your bug won't be eligible if you worked on the code or review in the area in question,” says Evans.
From around the web
Chrome Bandwagon
with 1337 bounties out there for grabbing I may give Chrome a go. :)
By stasi47 on 1 Feb 2010 
Chrome Bandwagon revisited
This could be just a ploy for Google to attract more users to it's browser...
By mjb3000 on 1 Feb 2010
cheap labour
not a ploy, just cheap testing resources. Imagine how long you'd have to spend with the browser just to find a security bug which 'may' then net you some money. And some poor saps are going to fall for this.
By Steve_Adey on 1 Feb 2010
Yeah, but they will be "leet" saps :-)
By robgt1 on 2 Feb 2010
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Publishing your email address isn't a security disaster
- Why antivirus is fighting a losing battle in your office
- Four year olds used to steal their parents' data
- An acceptable use policy for your kids
- Paying for your crimes with Bitcoin
- Pavement hacking: What it is and how to avoid it
- Google's risky pre-loaded pages
- Mac under attack: how secure is Apple's OS?
- Has your browser been hijacked?
advertisement
