Saturday, January 30, 2010

Google Paying You To Find Chrome Security Flaws

Google recently announced a new program that will pay you to find security flaws in the Google Chrome browser.

In a post to the Chromium project's blog, Chris Evans of the Chrome security team said the company will be offering a $500 bounty on any new run-of-the-mill bug found, but that "particularly severe or particularly clever" bugs would reap rewards of $1,337 each.

To be eligible for the reward you must:
  1. Be the first reporter of a given issue that was a previously unknown bug. In the event of a duplicate submission, the earliest filed bug report in the bug tracker is considered the first report.
  2. File your bug through the Chromium bug tracker (under the template "Security Bug") to qualify for consideration.
What bugs are eligible?
  • Any security bug from either Google Chrome or the Chromium open source project may be considered. More focus is being given to High and Critical impact bugs, but any clever vulnerability at any severity might get a reward.
  • Bugs from third-party components such as WebKit, libxml, image libraries, compression libraries, etc., might be eligible, but third-party plugins and extensions are ineligible.
  • All bugs will be reviewed by a panel of Google team members which includes Adam Barth, Chris Evans, Neel Mehta, SkyLined and Michal Zalewski.
In a bit of irony, Google gives kudos to the folks at Mozilla for the idea, as it was the success of Mozilla's long-running vulnerability reward program that led Google to create its own.
