Google is increasing the amount it is willing to pay to security researchers for bugs, with the most serious flaws now priced at up to $20,000. Google's security team has changed its payments plan and will now pay up to $20,000 for flaws that would allow code execution on its production systems. There's a $10,000 bounty for SQL …
...there isn't a smaller bounty for bugs in Google apps etc. Even a piddly $50 per bug would be appreciated.
Cool, let's get rich
Given the amount of personal, private data that gets sucked off of g+ and facebook alone we should all easily be able to find enough bugs to get filthy stonking rich. Let's do it, bitch!
Huh... what do you mean g+ and facebook are designed that way?
Not quite the same as the $900k they paid to someone in 2006.
They paid $460k to 200 people last year, they couldn't employ 3 people for that.
Apparently, even Google employees think $20k is a joke, but they get fired if they say so.
It's strange that these pathetically low figures are being spun as an 'increase'!
As opposed to what company which is paying more than that for bugs?
Really? Not only are SQL injections rookie mistakes, but Google generally don't use SQL.
Developer to Google: I've found this really critical bug with your system:
Google to Developer: Ok, we'll pay you £x if you tell us about it.
Developer to Google: Sorry, not enough. Never mind.
Actually, you don't need to imagine it; this is precisely what VUPEN does. They sell their exploits to select governmental agencies, and would never dream of telling Google about it for so little money. Nice, eh?