mailing list archives
Google offers up to $1337 for select Chromium vulnerabilities
From: Berend-Jan Wever <berendjanwever () gmail com>
Date: Fri, 29 Jan 2010 09:49:03 +0100
*"Today, we are introducing an experimental new incentive for external
researchers to participate. We will be rewarding select interesting and
original vulnerabilities reported to us by the security research community.
For existing contributors to Chromium security — who would likely continue
to contribute regardless — this may be seen as a token of our appreciation.
In addition, we are hoping that the introduction of this program will
encourage new individuals to participate in Chromium security. The more
people involved in scrutinizing Chromium's code and behavior, the more
secure our millions of users will be.
Such a concept is not new; we'd like to give serious kudos to the folks at
Mozilla for their long-running and successful vulnerability reward program.
Any bug filed through the Chromium bug tracker (under the template "Security
Bug") will qualify for consideration."*
Note that this does not mean that *all** *bugs reported as vulnerabilities
*"**Q) What bugs are eligible?*
*A) Any security bug may be considered. We will typically focus on **High
and Critical impact
*, but any clever vulnerability at any severity might get a reward.
Obviously, your bug won't be eligible if you worked on the code or review in
the area in question."*
Berend-Jan Wever <berendjanwever () gmail com>
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Google offers up to $1337 for select Chromium vulnerabilities Berend-Jan Wever (Jan 29)