ADVERTISING BROKER Google has offered an incentive system for security researchers to come forward and disclose vulnerabilities in its software.
The firm employed a similar system with its Chrome browser and says it has witnessed a "sustained increase in the number of high quality reports from researchers". So after offering the carrot of $1,337 for Chrome vulnerabilities, Google is offering a similar scale of rewards all the way up to $3,133.70 for any of its web properties that handle sensitive authenticated data.
For Google that includes, but is not limited to, its crown jewels of google.com, youtube.com and blogger.com. However, the firm has said that its Android operating system and applications such as Picasa and Google Desktop are not within the scope of its rewards program.
As for which bugs qualify, Google was somewhat vague, though it said that XSS, XSSI and server side code execution will almost certainly qualify for rewards. Attacks based on social engineering, attacks on Google's corporate infrastructure, denial of service attacks, and bugs in technologies that have been recently acquired by the firm will not qualify.
Offering security researchers money has become popular and is used by a number of firms as a way of reducing the number of embarrassing insecurity stories appearing in the press. By incentivising researchers to use the firms' bug disclosure channels, they hope to retain some control of the situation and limit the potential for both damage and corporate embarrassment.
For a number of security researchers, bounties can offer a nice reward for their hard work. µ