|Google Increases Maximum Bounty For Chrome Bugs|
|Written by Alex Armstrong|
|Thursday, 02 October 2014|
Google has upped the top payout for its Chrome Reward program to $15,000 and is applying the increased rates to submissions made since July 2014.
From now on researchers will also get fame as well as fortune with their names appearing in the Google Hall of Fame.
Announcing the increase, Tim Willis of the Chrome Security team gives the information that Google has so far paid out $1.25 million through its Chrome Reward Program and points out that as Chrome has become more secure it has got harder to find bugs in it. He writes:
This is a good problem to have! In recognition of the extra effort it takes to uncover vulnerabilities in Chrome, we’re increasing our reward levels.
In an effort to be transparent, the new reward amounts are outlined in this table, together with its explanatory notes:
Willis states in the blog post:
we’ll pay at the higher end of the range when researchers can provide an exploit to demonstrate a specific attack path against our users. Researchers now have an option to submit the vulnerability first and follow up with an exploit later. We believe that this a win-win situation for security and researchers: we get to patch bugs earlier and our contributors get to lay claim to the bugs sooner, lowering the chances of submitting a duplicate report.
Researchers may receive even more than specified in the table for "particularly great reports".
The FAQ's on the Chrome Reward Program Rules page also gives information about a new Trusted Researcher program. This is an invitation-only program that offers skilled fuzzer developers to run their fuzzers at Google scale. Researchers receive 100% of the reward value for any bugs found by their fuzzers, providing that the same bug was not found by one of Google's fuzzers within 48 hours. The FAQ states:
The easiest way to get an invite into this program is to submit quality bugs that are found with one of your fuzzers. If we like what we see, we’ll reach out with the details!
To be informed about new articles on I Programmer, install the I Programmer Toolbar, subscribe to the RSS feed, follow us on, Twitter, Facebook, Google+ or Linkedin, or sign up for our weekly newsletter.
or email your comment to: firstname.lastname@example.org
|Last Updated ( Thursday, 02 October 2014 )|