Researcher Blows $15K By Reporting Bug To Google

CWmike writes "A security researcher lost a sure $15,000 at this week's Pwn2Own hacking contest because he had earlier reported the bug to Google, which has patched the vulnerability in its Android Market. 'I missed out money wise,' said Jon Oberheide, co-founder and CTO of Duo Security, a developer of two-factor authentication software. 'But it was good that Google is rewarding researchers. And now I have my first Android vulnerability that qualified for a bounty.' Google cut a check to Oberheide for $1,337."

You Know...

[CrazyDuke]

If google cut me a check for 1337 for infosec work, I'd want to keep it in my job portfolio for when potential clients or employers ask for a reference. ...just saying.

Re:You Know...

[adisakp]

If google cut me a check for 1337 for infosec work, I'd want to keep it in my job portfolio for when potential clients or employers ask for a reference. ...just saying.

Some banks like JP Morgan Chase now let you "deposit" a check by iPhone by taking a picture of the check.

You could keep the original check in your portfolio while getting the cash as well :-)

Re:Good publicity

No, Pwn2Own is white-hat - successful exploits are never published and full details are given to the developer. He only reported it beforehand because he mistakenly believed it wouldn't be a permitted exploit for the competition.

If you read his comments on the matter he's more upset about not being able to embarrass Google with such a simple exploit than he is about the money.

Re:1337

Does anybody else think the amount of money he received is interesting?

(Glances at thread.) Pretty much everyone else, yeah.

Re:1337

[Pseudonym+Authority]

But more importantly, 1337% of pi is....... ~42