Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google To Pay $500 For Bugs Found In Chromium

Posted by ScuttleMonkey on from the rewards-for-being-1337 dept.

Trailrunner7 writes to mention that a new program from Google could pay security researchers $500 for every security bug found in Chromium. Of course if you find a particularly clever bug you could be eligible for a $1337 reward. "Today, we are introducing an experimental new incentive for external researchers to participate. We will be rewarding select interesting and original vulnerabilities reported to us by the security research community. For existing contributors to Chromium security — who would likely continue to contribute regardless — this may be seen as a token of our appreciation. In addition, we are hoping that the introduction of this program will encourage new individuals to participate in Chromium security. The more people involved in scrutinizing Chromium's code and behavior, the more secure our millions of users will be. Such a concept is not new; we'd like to give serious kudos to the folks at Mozilla for their long-running and successful vulnerability reward program."

2 of 175 comments (clear)

  1. Re:Why tell when you can exploit? by tomhudson · · Score: 4, Insightful

    Why claim a $500 reward when you can exploit and steal more?

    In Soviet Russia, spammer rewards YOU!

    I'll take exploits for $500, Alex.
    Sorry, the Russian Business Network is paying $5000.

  2. Re:Nice idea, but limited scope by fuzzyfuzzyfungus · · Score: 4, Insightful

    $500 (or even $1337) seems a bit low to encourage a would be criminal to go legit with some clever zero day, rather than exploit it. And, if it isn't now, it will be as Chrome's user base increases. For that reason, I'm assuming that they are offering this as a mixture of publicity stunt and goodwill/attention attracting measure for security researchers(ie. $500 won't buy very much time from somebody who really knows their shit about programming and security. If, though, you are either going to spend your day doing mean things to Flash or mean things to Chrome, why not go for the beer money).

    If those are indeed the motivations, it would seem highly counterproductive for them to be dicks about paying out. If they do, their good publicity will swiftly dissipate after a couple of "Google promises cash for bugs, weasels out" articles, and researchers who might otherwise care will probably just get fed up with fighting verbal technicalities and post to some open disclosure site instead.