Google is increasing the amount it is willing to pay to security researchers for bugs, with the most serious flaws now priced at up to $20,000. Google's security team has changed its payments plan and will now pay up to $20,000 for flaws that would allow code execution on its production systems. There's a $10,000 bounty for SQL …
...there isn't a smaller bounty for bugs in Google apps etc. Even a piddly $50 per bug would be appreciated.
Cool, let's get rich
Given the amount of personal, private data that gets sucked off of g+ and facebook alone we should all easily be able to find enough bugs to get filthy stonking rich. Let's do it, bitch!
Huh... what do you mean g+ and facebook are designed that way?
Not quite the same as the $900k they paid to someone in 2006 .
They paid $460k to 200 people last year, they couldn't employ 3 people for that.
Apparently, even Google employees think $20k is a joke, but they get fired if they say so.
It's strange that these pathetically low figures are being spun as an 'increase'!
As opposed to what company which is paying more than that for bugs?
Really? Not just SQL injections are rookie mistakes but Google generally don't use SQL.
Developer to Google: I've found this really critical bug with your system:
Google to Developer: Ok, we're pay you £x if you tell us about it.
Developer to Google: Sorry, not enough. Never mind.
Actually, you don't need to imagine it; this is precisely what VUPEN does. They sell their exploits to select governmental agencies, and would never dream of telling Google about it for so little money. Nice, eh?
- It's true, the START MENU is coming BACK to Windows 8, hiss sources
- iSPY: Apple Stores switch on iBeacon phone sniff spy system
- Pic NASA Mars tank Curiosity rolls on old WET PATCH, sighs, sniffs for life signs
- How UK air traffic control system was caught asleep on the job
- Google embiggens its fat vid pipe Chromecast with TEN new supported apps