backtop


Print 21 comment(s) - last by cruisin3style.. on Nov 6 at 3:25 PM


  (Source: googlevan.com)
New reward program will pay computer users top dollar to spot flaws

Google is looking for new exposure – hackers and security experts, today is your day. The internet giant is on a mission to reward "web application security research".  

After a successful launch in January of Google's open-source Chromium vulnerability reward program, the company has extended the program to all Google web applications. Google's security team announced on its blog Monday that the company will pay users who find security flaws on Google.  

"We are announcing an experimental new vulnerability reward program that applies to Google Web properties," said the security team. "As well as enabling us to thank regular contributors in a new way, we hope our new program will attract new researchers and the types of reports that help make our users safer."

The search extends to Google, YouTube, Blogger and Google's social network, Orkut but doesn't include Google client applications Android, Picasa and Sketchup.

Payments for finding a vulnerability would start at $500 and go up to as much as $3,133.70 -- depending on the extent of the vulnerability.  

The Google security team describes a vulnerability as, "any serious bug which directly affects the confidentiality or integrity of user data". Monetary rewards are issued on a first-come, first-serve basis. 

According to the company's blog post, if the recipient isn't interested in money, Google will offer the option of donating the reward to charity.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

makes sense
By chromal on 11/2/2010 12:12:08 PM , Rating: 5
This is actually a nice alternative to folks sitting on a new 0-day exploit. Give them the opportunity to do the responsible thing with the cleverness, rather than leave them little choice but to release it and gain exploit community notoriety as the only possible payment.




RE: makes sense
By zebalow on 11/2/10, Rating: -1
RE: makes sense
By theapparition on 11/2/2010 12:45:52 PM , Rating: 2
Well according to you, after our new Republican congress is sworn in, the entire country will be sold to China.

Somehow I doubt that, but keep believing all those political ads, which thankfully won't be running for another two years.


RE: makes sense
By cruisin3style on 11/6/2010 3:25:15 PM , Rating: 2
Hell at least we'd be getting something for it, right now we're giving it away


RE: makes sense
By Gungel on 11/2/2010 12:27:16 PM , Rating: 2
Well that didn't help HTC Droid Incredible which still ships with 359 flaws and 88 of them marked as critical or high risk.


RE: makes sense
By jonmcc33 on 11/2/10, Rating: -1
RE: makes sense
By nafhan on 11/2/2010 12:48:43 PM , Rating: 5
Also, avoid any MS products; keep away from Linux as well. Actually, I recommend staying off the internet and computers, altogether. Seriously, they're out to get you!


RE: makes sense
By jbwhite99 on 11/2/2010 12:56:41 PM , Rating: 2
I do have a nice shiny copy of DOS around. I've actually access the internet on mainframes - VM had a text-based browser - that was my first internet experience 15+ years ago.


RE: makes sense
By Suntan on 11/2/2010 1:17:46 PM , Rating: 3
quote:
I've actually access the internet on mainframes - VM had a text-based browser - that was my first internet experience 15+ years ago.


All that tells us is that you really are too old to be looking for some kind of silly, childish “geek-cred” on an internet site.

Seriously, you’re old enough to have a family. Grow up.

-Suntan


RE: makes sense
By Hieyeck on 11/2/2010 3:00:56 PM , Rating: 2
I'm in the same boat he is. My first taste of the internet was 18 years ago. Unfortunately for you, I'm only 24 and that hardly qualifies as family age. I played go-fish with one of my dad's co-workers that was in Britain (what a way to test the connection).

It's poor to make assumptions about age, thought I will grant you it wasn't really "the internet" as we know it today.


RE: makes sense
By Spivonious on 11/2/2010 3:35:29 PM , Rating: 2
I'm 28 and first "surfed the web" about 17 years ago. Mosaic was the browser of choice because it supported the <img> tag. Search engines didn't exist, which made finding websites pretty hard. You had to look for them in magazines and then they were very long URLs, as there were only a few servers hosting pages back then. The good old days. :)


RE: makes sense
By nolisi on 11/2/2010 12:53:36 PM , Rating: 3
I love it when people make extreme statements with no explanation or substantiation. It really helps to weed out the people with little to no credibility.


RE: makes sense
By AraH on 11/2/2010 4:21:37 PM , Rating: 1
you realise you did the same thing you claim he did right?


RE: makes sense
By Lugaidster on 11/3/2010 4:16:17 PM , Rating: 2
It's about as valid as saying: There are two things I really hate in this world: racists and that black dude that lives across the street.


RE: makes sense
By tastyratz on 11/2/2010 3:33:19 PM , Rating: 2
I think they should have a stipulation included in the reward credit also (pardon me if this is already in it)
If you notify them and expect reward payout you enter a non disclosure agreement. You get your money 30 days after validation provided you don't leak elsewhere.

If you tell them THEN release your exploit right after it does not give them much of a head start to secure things which is really the whole point.


Oh Google...
By theplaidfad on 11/2/2010 12:26:22 PM , Rating: 5
quote:
Payments for finding a vulnerability would start at $500 and go up to as much as [b]$3,133.70[/b] -- depending on the extent of the vulnerability.


...You're so elite.




RE: Oh Google...
By DKantUno on 11/2/2010 1:09:38 PM , Rating: 2
Lol :D Gotta love them :)


RE: Oh Google...
By carniver on 11/2/2010 6:34:57 PM , Rating: 2
Yeah, but for the eliteness why isn't the amount $31,337.00?


RE: Oh Google...
By theplaidfad on 11/2/2010 8:49:02 PM , Rating: 5
Because, that's over 9000.


Does this mean
By Sylar on 11/2/2010 12:35:01 PM , Rating: 2
that China has a new revenue stream now?




top dollar...
By rvd2008 on 11/2/2010 1:22:07 PM , Rating: 2
goes to China




"It's okay. The scenarios aren't that clear. But it's good looking. [Steve Jobs] does good design, and [the iPad] is absolutely a good example of that." -- Bill Gates on the Apple iPad














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki