Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Patches 10 Chrome Bugs, Pays Out $10K

Posted by timothy on from the splat-splat-splat dept.

CWmike writes "Google patched 10 vulnerabilities in Chrome on Thursday, but it didn't award any of the researchers who reported bugs its new top-dollar reward. Google divulged no details of the vulnerabilities and, as is its custom, it blocked public access to its bug-tracking database — a practice meant to keep attackers from using the information before most users have upgraded. Some rivals, such as Mozilla, do the same; others, like Microsoft, do not. Sergey Glazunov banked $4,674 for reporting four bugs, including the previous maximum $1,337 each for two of the quartet. A researcher known as 'kuzzcc,' who has also reported flaws in Opera to that browser's Norwegian maker, took home $2,000 for uncovering a pair of Chrome vulnerabilities. But no one received Google's new biggest bounty, which the company set at $3,133.70 last month, after Mozilla had increased its maximum vulnerability payment to $3,000."

5 of 95 comments (clear)

  1. True Geeks at Heart by UNHOLYwoo · · Score: 5, Funny

    ", which the company set at $3,133.70 last month" Great, Easter eggs beyond the code.

  2. Re:Money talks. by Suki+I · · Score: 4, Informative

    Meritocracy at work. It's nice to see, and I'm sure I will hear all sorts of complaints about how it is neither fair nor effective.

    Getting paid to help is always good. Especially on things many of us try to help on even if there is not pay incentive.

    --
    Home of The Suki Series
  3. Re:a couple grand? by Suki+I · · Score: 4, Informative

    you would think you could sell this information to certain other parties for a lot more than that

    and the potential for damage that can be done to the company's brand, and with all of the money the company has, you'd think they'd pay at least an order of magnitude more. and get a lot more interest in finding and reporting security flaws to boot

    they are playing pennies for gems of information

    Some of us like to play nice. Not saying I am in the category of the people who got those rewards, of course.

    --
    Home of The Suki Series
  4. Re:a couple grand? by Alphanos · · Score: 4, Insightful

    It has to be a careful balance to set bounties like this at the right amount. The information and fixes are valuable, yes. However, If they set the payout too high, it could actually encourage their employees to write buggy software in the hopes of cashing in (i.e. through a friend or family member).

    --
    Alphanos
  5. Re:a couple grand? by Darkness404 · · Score: 4, Insightful

    Yeah, but Google is reputable, you -know- that their $3K is going to be genuine. Good luck suing J. Random Blackhat when the money he pays you turns out to be stolen/fraudulent or never arrives.

    --
    Taxation is legalized theft, no more, no less.