INTERNET SEARCH OUTFIT Google has upped its maximum reward for a security bug in Chrome to $3,133, nearly a week after Mozilla did a similar thing by increasing its own bounty to up to $3,000.
The Chromium Security Reward programme has been up for around six months and Google said it had been a "clear success", as people aren't going to go rooting around for bugs in their spare time and bother reporting them without some sort of monetary reward.
While Mozilla said that it increased the reward to "support better constructive security research", Google was a little more forthcoming, saying that it increased the reward because it is getting harder to find bugs of critical severity.
The base reward for less serious bugs is $500, but the reward panel will consider splashing out more for higher quality bug reports. This would include work such as a careful test case reduction, proper analysis of root cause and suggestions for resolution.
There was a discussion in comments on the blog post about whether security researchers were "in it for the money" or might be put off by the bounty.
A conclusion was reached that if they didn't want to get paid for their efforts, they could always give the cash to a charitable cause, which seems fair enough. µ
What they're trying to do but not talk about is the very real and valuable market for zero-day exploits.
$3k is attainable in private exchanges for a decent exploit.
$3k is quite a bit for a Chinese undergrad
The exact sum is $3,1337