Slashdot Mirror


Google Ups Bug Bounty To $20,000

Trailrunner7 writes, quoting Threatpost: "Search giant Google said it is quintupling the top bounty it will pay for information on security holes in its products to $20,000. Google said it was updating its rewards and rules for the bounty program, which is celebrating its first anniversary. In addition to a top prize of $20,000 for vulnerabilities that allow code to be executed on product systems, Google said it would pay $10,000 for SQL injection and equivalent vulnerabilities in its services and for certain vulnerabilities that leak information or allow attackers to bypass authentication or authorization features."

2 of 53 comments (clear)

  1. Re:A failure of conventional hack-ism ? by mark-t · · Score: 5, Insightful

    It probably means that they realize that they've come to a point in the project where crowdsourcing QA is more cost-effective than using internal QA. This isn't because their internal QA is incompetent, it's because they are only just so many.

  2. Re:A failure of conventional hack-ism ? by Anonymous Coward · · Score: 5, Insightful

    the inference to be drawn is that finding a security hole would take more than 20k of programmer time, so probably the holes remaining are _hard_ to find. Seems more like a success than a failure to me.