Google Also Offers More Money for Security Vulnerabilities
At the start of the year Google announced that, just like Mozilla who has the Mozilla Security Bug Bounty Program, it too is willing to pay for “interesting and original vulnerabilities” that the security research community uncovers in its products. At the time Google explained that it launched the Chromium Security Reward program to encourage new individuals to participate in Chromium security and to deter irresponsible vulnerability disclosure.
“We are introducing an experimental new incentive for external researchers to participate. We will be rewarding select interesting and original vulnerabilities reported to us by the security research community. For existing contributors to Chromium security — who would likely continue to contribute regardless — this may be seen as a token of our appreciation. In addition, we are hoping that the introduction of this program will encourage new individuals to participate in Chromium security,” said at the time Chris Evans, Google Chrome Security.
When Google launched this program it offered between $500 and $1,337 to researchers who uncovered “interesting and original vulnerabilities.” Mozilla used to offer the same amount - $500 plus a Mozilla T-shirt. But earlier this month Mozilla announced that $500 just isn’t enough to entice security researchers and upped that amount to $3,000.
At the time Director of Security Engineering, Lucas Adamski, said “We hope other organizations will match our program and actively support constructive security research.” That is precisely what Google did with its program; Google upped the amount of money it pays for vulnerabilities. If in the past Google offered a maximum of $1,337 it now offers $3,133.7.
“The maximum reward for a single bug has been increased to $3,133.7. We will most likely use this amount for SecSeverity-Critical bugs in Chromium. The increased reward reflects the fact that the sandbox makes it harder to find bugs of this severity,” announced Chris Evans, Google Chrome Security.
Details on Google’s Chromium Security program are available here.
“We are introducing an experimental new incentive for external researchers to participate. We will be rewarding select interesting and original vulnerabilities reported to us by the security research community. For existing contributors to Chromium security — who would likely continue to contribute regardless — this may be seen as a token of our appreciation. In addition, we are hoping that the introduction of this program will encourage new individuals to participate in Chromium security,” said at the time Chris Evans, Google Chrome Security.
When Google launched this program it offered between $500 and $1,337 to researchers who uncovered “interesting and original vulnerabilities.” Mozilla used to offer the same amount - $500 plus a Mozilla T-shirt. But earlier this month Mozilla announced that $500 just isn’t enough to entice security researchers and upped that amount to $3,000.
At the time Director of Security Engineering, Lucas Adamski, said “We hope other organizations will match our program and actively support constructive security research.” That is precisely what Google did with its program; Google upped the amount of money it pays for vulnerabilities. If in the past Google offered a maximum of $1,337 it now offers $3,133.7.
“The maximum reward for a single bug has been increased to $3,133.7. We will most likely use this amount for SecSeverity-Critical bugs in Chromium. The increased reward reflects the fact that the sandbox makes it harder to find bugs of this severity,” announced Chris Evans, Google Chrome Security.
Details on Google’s Chromium Security program are available here.
