Google Up Ante For Disclosure Rules, Increases Bug Bounty

Posted by kdawson on Tuesday July 20, 2010 @03:03PM from the responsibility-cuts-both-ways dept.

An anonymous reader writes "In a recent post by seven members of their security team, Google lashed out against the current standards of responsible disclosure, and implicitly backed the recent actions of Tavis Ormandy (who is listed as one of the authors). The company said it believed 60 days should be an 'upper bound' for fixing critical vulnerabilities, and asked to to be held to the same standard by external researchers. In another, nearly simultaneous post to the Chromium blog, Google also announced they are raising the security reward for Chrome vulnerabilities to $3133.7, apparently in response to Mozilla's recent action."

1 of 134 comments (clear)

Min score:

Reason:

Sort:

Re:Elite by cosm · 2010-07-20 15:15 · Score: 0, Offtopic

Google also announced they are raising the security reward for Chrome vulnerabilities to $3133.7
That's quite the elite sum of money to use as a reward.
Pre-WHOOSH, because I know they are coming.

--
'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF