Two million bucks doled out in increments of several hundred to a few thousand bucks isn’t a fast way to make a fortune. But if you are a security researcher who enjoys finding holes in code, Google’s Vulnerability Rewards Program is a way to add some profit to your fun.
The company announced Monday that the program has been so successful that it is “significantly”
The pair also notes that the initiative has resulted in “prime requirements” (PDF) in security response time. It’s been a key element in Google’s Chrome pitch: that the browser is not only faster, but more secure.
Google’s bug bounty program is in fact two programs, both started in 2010. The Chromium VRP serves the open-source basis of Google Chrome, while the second is for Google’s other websites. Each has netted researchers some additional beer money to the tune of more than $1 million.
Bonuses for precise reporting or patching a critical bug will continue to be offered. The program has also inspired, or at least predates, similar programs at other major websites. Facebook recently announced that its two-year-old bug bounty program, launched in 2011, has earned 329 security researchers more than $1 million.
Bug bounty programs are mutually beneficial to researchers and the companies they are helping. Not only are researchers getting paid for their work, but the companies are also keeping potentially severely damaging bugs off the vulnerability black market.