Slashdot Mirror


Google Patches 10 Chrome Bugs, Pays Out $10K

CWmike writes "Google patched 10 vulnerabilities in Chrome on Thursday, but it didn't award any of the researchers who reported bugs its new top-dollar reward. Google divulged no details of the vulnerabilities and, as is its custom, it blocked public access to its bug-tracking database — a practice meant to keep attackers from using the information before most users have upgraded. Some rivals, such as Mozilla, do the same; others, like Microsoft, do not. Sergey Glazunov banked $4,674 for reporting four bugs, including the previous maximum $1,337 each for two of the quartet. A researcher known as 'kuzzcc,' who has also reported flaws in Opera to that browser's Norwegian maker, took home $2,000 for uncovering a pair of Chrome vulnerabilities. But no one received Google's new biggest bounty, which the company set at $3,133.70 last month, after Mozilla had increased its maximum vulnerability payment to $3,000."

8 of 95 comments

  1. Re:a couple grand? by Alphanos · · Score: 4, Insightful

    It has to be a careful balance to set bounties like this at the right amount. The information and fixes are valuable, yes. However, if they set the payout too high, it could actually encourage their employees to write buggy software in the hopes of cashing in (i.e. through a friend or family member).

    --
    Alphanos
  2. Re:a couple grand? by Darkness404 · · Score: 4, Insightful

    Yeah, but Google is reputable, you -know- that their $3K is going to be genuine. Good luck suing J. Random Blackhat when the money he pays you turns out to be stolen/fraudulent or never arrives.

    --
    Taxation is legalized theft, no more, no less.
  3. Re:a couple grand? by Darkness404 · · Score: 3, Insightful

    ...Except for the fact when Google audits the broken code and finds the person responsible for putting it in they are out a job, and my guess is, stable employment with a decent paycheck and benefits is better than a quick $3K.

    --
    Taxation is legalized theft, no more, no less.
  4. Re:a couple grand? by WillDraven · · Score: 2, Insightful

    I think that's exactly the GP's point. $3k isn't worth risking your job over. $30k or $300k might be.

    --
    This is my sig. There are many like it but this one is mine.
  5. Re:Money talks. by jamesh · · Score: 2, Insightful

    Out of curiosity, why is that? It seems odd that anyone would complain about people getting paid a modest sum of money to do useful work.

    My guess would be because some people like to complain.

  6. Re:a couple grand? by Achromatic1978 · · Score: 2, Insightful

    Actually, you would be wrong... Google actually pays a fair bit less than many other tech companies, thinking that their 'rep' is some salary too. They used to rely on benefits, too - the cafeterias, etc... but have been cutting back drastically on those.

  7. Re:a couple grand? by Jurily · · Score: 2, Insightful

    I have full control over what I do.

    And I'm Santa Claus.

  8. Re:a couple grand? by Psychotria · · Score: 2, Insightful

    ...Except for the fact when Google audits the broken code and finds the person responsible for putting it in they are out a job, and my guess is, stable employment with a decent paycheck and benefits is better than a quick $3K.

    Citation please. I find it hard to believe that a Google employee (or an employee of any company) would find themselves out of a job because of broken code.