Google ups (some) bug bounties
Posted on 07 June 2013.
Google has once again decided to raise the sums that researchers can earn by offering information about bugs in the company's web services and properties (YouTube, Blogger, Orkut, Google Search, and so on).


Information about cross-site scripting (XSS) flaws accounts.google.com is now worth $7,500 (used to be $3,133.7), that on Gmail and Google Wallet bugs is now $5,000 (previously $1,337).

XSS vulnerabilities on other properties, which were previously worth $500, are now rewarded with $3,133.7, and finally, information about authentication bypasses / information leaks is now worth $7,500.

Remote code execution bugs and SQL injection vulnerabilities are still at the top of the list of bugs for which Google offers the biggest rewards.

This most recent increase of bug bounties is due to the fact that most of the easily found vulnerabilities have already been reported, and researchers must invest more of their time and effort in finding new ones.

"Since introducing our reward program for web properties in November 2010, we’ve received over 1,500 qualifying vulnerability reports that span across Google’s services, as well as software written by companies we have acquired," stated Adam Mein and Michal Zalewski from the Google Security Team. "We’ve paid $828,000 to more than 250 individuals, some of whom have doubled their total by donating their rewards to charity."









Spotlight

Patching: The least understood line of defense

Posted on 29 August 2014.  |  How many end users, indeed how many IT pros, truly get patching? Sure, many of us see Windows install updates when we shut down our PC and think all is well. It’s not.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Sep 3rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //