Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Applications
    • Applications
    • Cybersecurity

    Google Broadens Bug-Finding Rewards Program

    Written by

    Todd R. Weiss
    Published February 7, 2014
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      To help find and fix bugs in its vast software library, Google has expanded its Security Rewards Program to cover more Google software products, including all Chrome apps and extensions.

      The announcement about the program expansion was unveiled by Eduardo Vela Nava and Michal Zalewski of the Google Security Team in a Feb. 4 post on the Google Online Security Blog.

      “Starting today, we will broaden the scope of our vulnerability reward program to also include all Chrome apps and extensions developed and branded as ‘by Google,'” wrote Vela Nava and Zalewski. “We think developing Chrome extensions securely is relatively easy (given our security guidelines are followed), but given that extensions like Hangouts and GMail are widely used, we want to make sure efforts to keep them secure are rewarded accordingly.”

      The rewards for each vulnerability will continue to range from $500 to $10,000, depending on the permissions and the data each extension handles, they wrote. “If you find a vulnerability in any Google-developed Chrome Extensions, please contact us at goo.gl/vulnz.”

      In addition, Google’s Patch Reward Program is increasing the amounts of the payments it will make to researchers who find and correct serious flaws in the code created by Google, Vela Nava and Zalewski wrote. “The program encourages and honors proactive security improvements made to a range of open-source projects that are critical to the health of the Internet in recognition of the painstaking work that’s necessary to make a project resilient to attacks.”

      The new reward structure includes payments of $10,000 for “complicated, high-impact improvements that almost certainly prevent major vulnerabilities in the affected code” and $5,000 for “moderately complex patches that provide convincing security benefits,” they wrote. Rewards of $500 to $1,337 will be made for submissions that are “very simple or that offer only fairly speculative gains.”

      The programs have been used by Google for years to get more eyeballs examining and repairing its code using cash incentives.

      “We look forward to ongoing collaboration with the broader security community, and we’ll continue to invest in these programs to help make the Internet a safer place for everyone,” wrote Vela Nava and Zalewski. “From investing our time in doing security research to paying for security bugs and patches, we’ve really enjoyed and benefited from our involvement with the security community over the past few years.”

      From 2010 to 2013, Google paid out more than $2 million as part of its Chromium and Google Web Vulnerability Programs, according to an earlier eWEEK report. Back in February 2010, Google publicly announced that it had paid a security researcher for a flaw that had been discovered in the Chrome Web browser. That bug bounty was paid for the Chrome 4.0.249.89 (Chrome is now at version 28) release in reference to an HTTP authentication flaw in Chrome. For that very first flaw, Google initially paid out $500 to researcher Timothy Morgan. Morgan in turn donated his reward to a Haiti relief effort, and Google subsequently upped the reward to $1,337.

      Google has since received and rewarded more than 2,000 security bug reports that have fixed a myriad of security issues, ranging from authentication flaws to the seemingly endless stream of Use-After-Free memory issues. In a Use-After-Free error, allocated memory that is no longer in use is still available as legitimate memory space for an attacker to use to launch an attack.

      Todd R. Weiss
      Todd R. Weiss
      Todd R. Weiss is a seasoned technology journalist with over 15 years of experience covering enterprise IT. Since 2014, he has been a senior writer at eWEEK.com, specializing in mobile technology, smartphones, tablets, laptops, cloud computing, and enterprise software. Previously, he was a staff writer for Computerworld.com from 2000 to 2008, reporting on a wide range of IT topics. Throughout his career, Weiss has written extensively about innovations in mobile tech, cloud platforms, security, and enterprise software, providing insightful analysis to help IT professionals and businesses navigate the evolving technology landscape. His work has appeared in numerous leading publications, offering expert commentary and in-depth analysis on emerging trends and best practices in IT.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.