Google Fixes 10 Bugs In Chrome, Pays $4000 Bounty
Trailrunner7 writes "It seems Google's bug bounty program is paying some nice dividends, for both sides. Less than two weeks after releasing version 6.0 of its Chrome browser, Google has pushed out another Chrome release, which includes fixes for 10 security bugs, seven of which are rated either critical or high. Google Chrome 6.0.472.59 comes out just 12 days after the last Chrome release, which fixed 14 security bugs. As part of its bug bounty program, Google paid out $4,000 in rewards to researchers who disclosed security flaws in the browser. Most of the security flaws fixed in the new release are in the Windows version of Chrome, but the most serious bug is only in Chrome for Mac."
What I'd like to see next: Google pays bounty for bugs in other browsers (which it then forwards to those companies for repair).
This would be hilarious. You might think it'd be bad business (why should Google pay for bug finds that will benefit its competition?), but I think it'd be PR gold. Not to mention it would have the side effect of improving all-around security. (So Google could cast the new bounty as an altruistic gesture).
It isn't an Apple product.
'cuz if it were, the system would reboot if you use the mouse and keyboard simultaneously.
Just don't type like that!!
Chrome is an open source project, except that some of it is sponsored by Google. So hacking Gnome or the Linux kernel for free is OK (and by the way a lot of Linux kernel code was written by full-time employees of Red Hat and other companies, just like Chrome) but fixing bugs for Chrome is not? Think of it as Google's Summer of Code, except on a smaller scale.
Um, I think you are confused.
People whose job it is to find bugs in Google software are Google employees. Their pay is not, I would assume, simply "by the bug", and I suspect that their pay is quite good.
Google happens to also give out bounties -- which many competitors don't -- as a kind of "thank you" to people who voluntarily report security bugs to Google. I'm not sure why you think that the standard for whether this is something nice or an "insult" is whether the bounty for the average bug is greater or less than the price of one share of Google stock.
Mozilla pays $3K for critical security bugs.
http://www.mozilla.org/security/bug-bounty.html
By way of agreeing with you, I know that there are millions of people paying for software who pretty much never expect bugs to be fixed in a jiffy, and in fact have become completely complacent in accepting that many known security flaws have no plan for being fixed at all.
Or in other words:
Bounty paid by Google: $400.00
Bounty paid by Apple and Microsoft: $0.00 (i.e. it isn't even an option)
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Rebooting, logging in, and connecting back to slashdot in under a min. Apple machines are fast.
The primary selling point for Chrome, at the beginning, was JavaScript speed, which is why most of the promotional effort focussed on the V8 engine and its speed.
I don't think Google is all that concerned over whether or not Chrome is the leading browser. They don't sell Chrome.
They do care if common browsers behave in ways which make web content and services using open standards attractive to users, because Google's core business is indexing that kind of content, analyzing it, and selling advertising that leverages services built on top of services using the indexes built from that content.
Chrome is largely a tool to get other browser manufacturers to adopt features that make it attractive for content developers to use formats and protocols that are conducive to Google's business.