As part of Google’s vulnerability reward program for hunters (Vulnerability Rewards Program) have now paid over two million dollars, announced [1] of the group in its security blog. The sum falls into approximately equal parts to the programs for the core of the Chrome Brower (Chromium, including the premium income of Pwnium competition [2] ) and Google’s web applications.
Even if this amount seems high at first glance, but it was used very efficiently, as the company pays only in case of success. Thus, over 2000 bug reports were rewarded by Google and the associated security vulnerabilities. In the comments to the blog entry explains [3] Google’s vice president of security, Eric Grosse. “Two million U.S. dollars are very cheap compared to the gain in security you could easily much invest larger sums in commercial tools and services, and benefit less from it. “
In order to provide an incentive for safety research, newly discovered vulnerabilities in Chromium Report to project directly to Google, the company has created another option for increasing the finder’s fee. For security holes for which the finder has so far collected $ 1000, Google wants to continue jumping up to $ 5,000 if they pose a significant threat to the security of the browser user. Introduced a year ago additional bonuses [4] , which receives about a researcher for the submission of a matching exploits remain, continue to exist.
Google has its reward program for Chromium vulnerabilities early 2010 launched [5] . The sister program for Web services was the winter of the same year at the start [6] . <- AUTHOR MARKER DATA BEGIN -> <-! RSPEAK_STOP -> ( rei [7] )<- RSPEAK_START -> <- AUTHOR DATA MARKER END ->
