Google opens up Chrome vulnerability reward program

By Robert Westervelt | Feb 3, 2010

Google is rolling out a vulnerability reward program to provide an incentive for security researchers to cough up security vulnerabilities they discover in its fledgling Chrome browser.

In a Google Chromium Blog entry, Chris Evans, an information security engineer on Google's Chrome security team, said eligible Chrome flaws would be rewarded with a minimum of $500. More extensive coding errors resulting in severe vulnerabilities could receive more than $1,300, he said.

"We will be rewarding select interesting and original vulnerabilities reported to us by the security research community," Evans said. "The more people involved in scrutinizing Chromium's code and behavior, the more secure our millions of users will be."

Only vulnerabilities reported through the Chromium bug tracker are eligible for a reward. Eligibility also applies to vulnerabilities discovered in browser plug-ins shipped with the Chrome browser by default.

The Chromium Project is open source and covers both the Chrome browser and the Chromium OS. Evans called the Chrome vulnerability program experimental and pledged Google's sponsorship of the rewards.

Mozilla announced its Bug Bounty Program in 2004, funded by the Linux distribution Linspire and by Mark Shuttleworth, the founder of the Ubuntu Project, a Linux distribution. Under Mozilla's program, reporters of valid critical security bugs receive a $500 cash reward and a Mozilla T-shirt.

Under Mozilla's guidelines, only remote exploits present in recent supported versions of Firefox or Thunderbird are eligible for a reward. A submitter cannot be the Mozilla project contributor who authored the coding error being reported.
