Google attracts vulnerability hunters with higher rewards
Google tries to security specialists with higher premiums animate as part of its reward program, to report vulnerabilities in the browser Chromium project. The company is responding to a significant reduction of reported vulnerabilities, which it sees as a confirmation of the success of the program: "vulnerabilities are harder to find, because the efforts of the larger community Chromium have made significantly more", the Google developer Chris Evans writes in Chromium blog.
In addition to the existing incentive of U.S. $ 500 to U.S. $ 3133.7 now beckon bonuses of $ 1,000, such as when the gap is in a part of the source code, to be stable and mostly bug-free is . Also $ 1,000 puts one on top Google, if the reported vulnerability, other concerns, a significant number of other programs - for example because they are in a library is to be shared by multiple applications. Can the vulnerability finder demonstrate the exploitability of the vulnerability, at least partially, he collected more than $ 1,000.
Google points out that exceptional gaps still be rewarded with up to $ 10,000. For inspiration, the company provides a few examples about an exploit that allows the execution of code on a 64-bit version of Chrome, breaking out of the sandbox is optional. Also a gap in the video card driver, which can be exploited when opening a specially crafted Web page using Chrome would impress Google's security team. Even someone who is a serious gap in the library libjpeg, can according to Google excited about the $ 10,000. "Because it for a good decade, no more serious flaw was found," it says in the blog post.
In addition, the search giant reminds again because the reward program also covers vulnerabilities in Adobe Flash, the Linux kernel and various open source libraries, and daemons. Who actively participated in the Chromium community and providing patches for its gaps can reap up to an additional $ 1,000.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment