Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Multiplies Low-Tier Bug Bounties By Factor of Five

Posted by Soulskill on from the all-about-the-william-mckinleys dept.

Trailrunner7 writes "Google's bug bounty program has been one of the more successful reward systems of its kind, and the company has regularly modified and expanded the program over the years to keep pace with what's going on in the industry. Google also has increased the rewards it offers for certain kinds of vulnerabilities several times, and the company is doing it again, raising the lower reward level from $1,000 to $5,000. This is the second major reward increase in the last couple of months. In June the company jacked up the amount of money it pays for cross-site scripting vulnerabilities in Google web properties to $7,500, and also raised the reward for authentication bypasses to that same level. Now, Google is giving researchers more incentive to find significant vulnerabilities in its Chrome browser."

4 of 29 comments (clear)

  1. Re:more incentive? by webnut77 · · Score: 3, Insightful

    Isn't this just going to get people to sit on their bugs until the prize money goes up again? Obviously not right now, since an increase just happened, but in a few years; it wouldn't surprise me to see a fall-off in the number of bugs reported, followed by a very sudden increase after the next increase.

    It's a risk. There's always the possibility that someone else will find the same bug you do and cash in first.

  2. messing with Microsoft by Anonymous Coward · · Score: 2, Interesting

    (posting anon because of my employMent Situation)

    In many ways this is about control of the vuln market space rather than the value of the vulns. Microsoft is very slow to catch up, and the recent bug bounty required a herculean political effort internally and took months for approvals. Even so, the bounty amounts were focus-grouped to miniscule levels , meaning that Google pays more for Microsoft vulns than Microsoft does. Far more. I don't know whether or not Google dribbles them out slowly or not, after their own product patches or not, or other competitive move or not. But it ain't good, and Google's d!ck-waggling move shows how agile they are ,more than anything else.

  3. Re:Still cheaper than employees by mrops · · Score: 2

    Let me call NSA and find out.

  4. Interesting by g0bshiTe · · Score: 3, Insightful

    "giving researchers more incentive"

    Or conning people into using Chrome in the hopes they will find a nice bug and collect the bounty.

    --
    I am Bennett Haselton! I am Bennett Haselton!