Thursday, 16 February 2012

Google dishes out more than £250,000 in 'bug bounty' rewards

Google has announced that more than 1,100 legitimate vulnerabilities have been reported to its bug bounty programme since its inception, with over $410,000 (£258,000) awarded.

According to a blog post by Adam Mein, technical program manager of the Google Security Team, issues ranging from low severity to higher were reported by more than 200 individuals, and 730 bugs have qualified for a reward.

Mein said that the programme "was a gigantic success", and that following the announcement of the reward programme as an extension of its Chromium Security Research in 2010, it had received 43 bug reports by the end of the first week.

He said: “Roughly 1/2 the bugs that received a reward were discovered in software written by approximately 50 companies that Google acquired; the rest were distributed across applications developed by Google (several hundred new ones every year). Significantly, nearly all of our initial bug reporters had never filed bugs with us before we started offering monetary rewards.”

Google said in November 2010 that it would accept vulnerability reports for its google.com platform, as well as for YouTube, blogger.com and Orkut. The base reward for qualifying bugs is $500, and if the rewards panel finds a specific bug to be severe or unusually clever, rewards of as much as $3,133 may be issued. The panel also said that it may decide that a single report actually constitutes multiple bugs requiring reward, or that multiple reports constitute just a single reward.

Mein said Google has gotten better and stronger because of this work. “We get more bug reports, meaning we get more bug fixes, which means a safer experience for our users,” he said.

Regarding other bug bounty programmes offered by Mozilla, Barracuda and Facebook, Mein said that over time these will help companies build better relationships with the security research community. “As the model replicates, the chance to enhance the final security of the internet broadens,” he said.
