Posted on Monday, February 01 2010 @ 0:05 CET by Thomas De Maesschalck
Google announced it will start offering rewards to people who find high and critical impact security bugs in its Chrome browser. The base reward for eligible bugs is $500, and if the bug is particularly severe or particularly clever, the search giant promises rewards of $1,337.
Today, we are introducing an experimental new incentive for external researchers to participate. We will be rewarding select interesting and original vulnerabilities reported to us by the security research community. For existing contributors to Chromium security — who would likely continue to contribute regardless — this may be seen as a token of our appreciation. In addition, we are hoping that the introduction of this program will encourage new individuals to participate in Chromium security. The more people involved in scrutinizing Chromium's code and behavior, the more secure our millions of users will be.
Such a concept is not new; we'd like to give serious kudos to the folks at Mozilla for their long-running and successful vulnerability reward program.
Any bug filed through the Chromium bug tracker (under the template "Security Bug") will qualify for consideration
More info
at the Chromium Blog.
