Chrome bug hunters, Google’s giving you a raise

fd-new-chrome-lapel-pin-4sts.jpg

Google’s Chrome bug bounty has paid more than $1.25 million to security researchers who have found more than 700 bugs in its browser, but Google has determined that it’s not enough.

The maximum bounty for finding bugs in Chrome has been raised to $15,000 at the high end, up from $5,000, Google announced in a blog post Tuesday. The low end of the scale remains at $500, unchanged since Google launched its Chrome bounty in 2010.

Now at least a decade old, bug bounties have become a way for tech firms to pay security researchers for their efforts without hiring them as full-time employees. The bounty programs benefit companies by not only finding security holes early, but keeping those vulnerabilities from being sold on the black market.

Google initially received criticism in 2010 for its Chrome bounty, with some researchers saying that Google was paying too little. But since then, Google has earned a reputation for surpassing its own upper limit when researchers have submitted bugs for review that were difficult to find. Last month, for example, one researcher earned $30,000 for a series of linked bugs that would’ve allowed an escape from Chrome’s protective sandbox.

Related stories

One of the changes Google announced Tuesday is more transparency about the bug payment scale. Google has delineated how much the different kinds of bugs earn for the researcher.

Another change is that Google will pay more for exploits that accompany bugs, though they don’t have to be submitted at the same time. Google hopes this will cut down on bug duplication, while allowing the company to patch bugs sooner.

Last, researchers will be entered into Google’s Hall of Fame along with their monetary payment. The changes to the payment scale are retroactive to July 1, so some researchers will see some bonus bucks in the near future.

Check Also

North Korea’s Internet said to go dark after cyberattack claims

After increasing instability, North Korea’s Internet is said to go down. Dyn Research North Korea’s Internet connection has been touch and go over the last day and now it’s completely shuttered, according to Internet performance analysis firm Dyn Research. “After 24hrs of increasing instability, North Korean national Internet has been down hard for more than …

Leave a Reply