Fixing bugs and maintaining top-notch security
are factors of paramount importance to any Internet establishment. For a
while now, Google has been rewarding those who've been helping them in
fixing more bugs, and it has been doing these through its Web Vulnerability Reward Program.
Now considering the difficulty involved in finding bugs in Google's
"most critical applications", the search giant has announced that it is
increasing the rewards for another group of bug categories, in addition
to rolling out updated rules.
If you manage to fix cross-site scripting (XSS) bugs on https://accounts.google.com, you now stand to receive a reward of $7,500 (previously $3,133.7). Not only that, rewards for fixing XSS bugs in other highly sensitive services – Gmail and Google Wallet – have been hiked too; it is now $5,000, up from $1,337. The highest reward now for significant authentication bypasses/information leaks now is $7,500, up from an earlier $5,000.
Google started its Web Vulnerability Reward Program in November 2010. Since then, Adam Mein and Michal Zalewski from Google's Security Team claim that they receive over 1,500 qualifying vulnerability reports from across Google's services and software by companies they acquired. "We’ve paid $828,000 to more than 250 individuals, some of whom have doubled their total by donating their rewards to charity. For example, one of our bug finders decided to support a school project in East Africa," they revealed.
More handsome rewards now
If you manage to fix cross-site scripting (XSS) bugs on https://accounts.google.com, you now stand to receive a reward of $7,500 (previously $3,133.7). Not only that, rewards for fixing XSS bugs in other highly sensitive services – Gmail and Google Wallet – have been hiked too; it is now $5,000, up from $1,337. The highest reward now for significant authentication bypasses/information leaks now is $7,500, up from an earlier $5,000.
Google started its Web Vulnerability Reward Program in November 2010. Since then, Adam Mein and Michal Zalewski from Google's Security Team claim that they receive over 1,500 qualifying vulnerability reports from across Google's services and software by companies they acquired. "We’ve paid $828,000 to more than 250 individuals, some of whom have doubled their total by donating their rewards to charity. For example, one of our bug finders decided to support a school project in East Africa," they revealed.

0 comments:
Post a Comment