Following up on a successful bug bounty program that pays hackers for finding security flaws in its Chrome browser, Google now says that it will pay cash for security bugs reported on its websites.
Google calls the program "experimental," but says it gives security researchers new incentives to report Web flaws directly to Google's security team. "As well as enabling us to thank regular contributors in a new way, we hope our new program will attract new researchers and the types of reports that help make our users safer," Google said Monday in a blog posting announcing the program.
The idea is to give Google a chance to fix the vulnerabilities before the bad guys get their hands on them. So, in order to qualify, security researchers must privately disclose new flaws to Google first before they go public with their research. In return, the hackers qualify for cash rewards of between $500 and $3,133.70, depending on the severity of the flaw.
More: http://www.computerworld.com/s/article/9194281/
Google calls the program "experimental," but says it gives security researchers new incentives to report Web flaws directly to Google's security team. "As well as enabling us to thank regular contributors in a new way, we hope our new program will attract new researchers and the types of reports that help make our users safer," Google said Monday in a blog posting announcing the program.
The idea is to give Google a chance to fix the vulnerabilities before the bad guys get their hands on them. So, in order to qualify, security researchers must privately disclose new flaws to Google first before they go public with their research. In return, the hackers qualify for cash rewards of between $500 and $3,133.70, depending on the severity of the flaw.
More: http://www.computerworld.com/s/article/9194281/