|
A good news for the hacking community- The internet giant Google has raised the bounties from $3133 to $20,000.Most companies that are in the business of providing software or services are willing to pay industrious and benevolent hackers who find bugs in the code. Google has been making use of these folks for quite some time, but now Mountain View is increasing its rewards dramatically in an effort to encourage more people to join the bug hunt. Google previously handed out a maximum of $3133.70, but now will offer up to $20,000 per bug.
"When we get more bug reports, we get more bug fixes," Google security team manager Adam Mein told AFP. "That is good for our users; that is good for us."
Google has paid out approximately $460,000 since it established the Vulnerability Reward Program.This rate change increases the incentive for security researchers and the average denizen of the internet to disclose the bugs spotted in Google web services to the source.
At Google’s Pwnium contest in March, Google paid out $60,000 prizes to anyone that could exploit the Chrome browser. Two people managed to do so, and collected the money. Even at that rate, security researchers have made it clear the exploits would have been worth more if sold to malicious individuals. Google’s $20,000 top payment is likely still far below the market rate.
Not all bugs will warrant the new $20,000 payout. Only “critical bugs” that allow remote code execution will be at that level. SQL injections or authentication bypasses will still net you a hefty $10,000 prize, but amounts will vary depending on which Google service is affected.
"We want them to know the reward is there for them if they find the most severe bugs," Mein said.Bugs found in more sensitive services such as Google smartphone "Wallet" software tends to merit more generous rewards. So start working and earn.
"When we get more bug reports, we get more bug fixes," Google security team manager Adam Mein told AFP. "That is good for our users; that is good for us."
Google has paid out approximately $460,000 since it established the Vulnerability Reward Program.This rate change increases the incentive for security researchers and the average denizen of the internet to disclose the bugs spotted in Google web services to the source.
At Google’s Pwnium contest in March, Google paid out $60,000 prizes to anyone that could exploit the Chrome browser. Two people managed to do so, and collected the money. Even at that rate, security researchers have made it clear the exploits would have been worth more if sold to malicious individuals. Google’s $20,000 top payment is likely still far below the market rate.
Not all bugs will warrant the new $20,000 payout. Only “critical bugs” that allow remote code execution will be at that level. SQL injections or authentication bypasses will still net you a hefty $10,000 prize, but amounts will vary depending on which Google service is affected.
"We want them to know the reward is there for them if they find the most severe bugs," Mein said.Bugs found in more sensitive services such as Google smartphone "Wallet" software tends to merit more generous rewards. So start working and earn.
0 comments:
Post a Comment