Google ups cash rewards for security help

By Ken Presti, on Aug 17, 2012 8:02 AM
Filed under Security

asda

Google has stacked an additional $US1000 ($A957) in bonuses to researchers who discover particularly exploitable bugs.

Google's Chromium Vulnerability Rewards Program has paid out more than $US1 million dollars of rewards for security researchers who have identified and reported Chromium security issues.

While the number of reports has fallen off in recent months, Google maintains that the reduction speaks to the enhanced security that the program has helped to develop.

The company is also adding another $US1000 on top of the base reward for bugs located in portions of the code base deemed to be stable, or areas where the defect rate appears to be low.

Add another $US1000 on top of the base reward if you can find vulnerabilities that extend beyond the Chromium platform. These might include "certain open source parsing libraries".

Payments are adjudicated by a special rewards panel that, at times, has approved overall rewards of $US10,000 for findings that were deemed to be especially significant. These could be for particularly impressive findings, or for something that in Hollywood circles might be described as a lifetime achievement award.

Google is throwing down specific challenges in several key areas, such as Nvidia, ATI and Intel GPU driver vulnerabilities, high or critical severity vulnerabilities in the respective Windows drivers that are demonstrated and triggered from a web page, and submissions on Chrome OS, particularly local privilege escalation exploits in Chrome OS via the Linux kernel.

Another example involves serious vulnerabilities in IJG libjpeg.

"For well over a decade, there hasn’t been a serious vulnerability against IJG libjpeg. Can one be found?" Google wrote in a statement.

The program also covers vulnerabilities in Adobe Flash as well as other well-known software such as the Linux kernel, various open-source libraries and daemons, X windows, etc.

The base reward is $US000 "for well-reported UXSS bugs, covering both the Chromium browser and also Adobe Flash." But, with the new bonus structure, the rewards are likely to increase to $US4000 in many circumstances.

This article originally appeared at crn.com

 
Follow us on Facebook and Twitter
 

Copyright © 2014 The Channel Company, LLC. All rights reserved.

Google ups cash rewards for security help
 
 
 
 
 
Top Stories
Empired makes $17.4m buyout to snatch Microsoft partner crown
Buys Intergen and doubles revenue and headcount.
 
iPhone and Mac sales offset iPad 'speed bump'
Mac sales up 20 percent amid iPad decline.
 
Intalock aims for major growth and new vendors
Brissie security specialist stamps its mark on Sydney.
 
Sign up to receive CRN email bulletins
   FOLLOW US...
Polls
Is Microsoft right to limit the reseller channel for Surface?

Latest Comments
CRN Magazine

Issue: 331 | September 2014

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.