Wednesday, February 25, 2015

Google now rewards Chrome bug hunters all year round

Chromebook


One way to reduce the number of bugs or exploits in your software is to throw it open to some of the best and most devious minds in the industry and ask them to pull it apart. That's what Google has done with its annual Pwnium conference, where it's rewarded researchers with millions of dollars in Chrome-based security bounties. However, the search giant has decided now is the time to do things a little differently. As of this week, the Pwnium competition is shifting from an annual affair to a "year round, worldwide opportunity for security researchers."


What does this mean? Well, instead of requiring researchers to submit their bugs in March, register for the conference, attend the venue and hope everything goes as planned, they can now do it all remotely. Whenever bug hunters come across an exploit, they can submit it to Google's Chrome Vulnerability Reward Program (VRP) and immediately become eligible for a cash payout. The reasoning is sound: holding time-limited events incentivizes researchers to sit on their discoveries for a cash reward, which means potential flaws could go unpatched and leave users vulnerable.


To promote disclosures, Google's reward pot now stands at "$∞ million," which means that if bugs are identified, disclosed and patched, the people doing the good work can keep adding to their earnings. Researchers requested that the program should be an open affair -- now they've got their wish.


Filed under:


Comments


Source: Chromium Blog


0 comments:

Post a Comment