We’ve reported a number of times on bug bounties–cash prizes offered by open source communities to anyone who finds key software bugs–ranging from FOSS Factory’s bounty programs to the bounties that both Google (for the Chrome browser) and Mozilla offer. Google and Mozilla have increased their focus on cash bounties paid to people who find bugs in their applications and platforms, and there is evidence that these programs really work.
Google has steadily raised the amounts that it pays people who find bugs in the Chrome browser, and now the company has announced that it is also jacking up the bounties it pays to anyone who finds bugs on its online sites and in online applications.
Google’s new Vulnerability Reward Program (VRP) offers a maximum reward of $20,000 up from $3,133, and there is a new $10,000 incentive in the bug bounty plan. You can find a complete table of payments available for various types of bugs on various platforms in this post.
Open source-focusec companies are having success with bug bounties. Commercial companies focused on open source and open source communities at large can benefit from lots of efficiencies that arise from paying the public to debug software.Think about it: How much would Google have to pay its own developers to ferret out problems on its sites and in its applications?
In this post, you can find an update from Google on how its community-focused bug bounty programs are working. According to the post:
"We recently marked the anniversary of our Vulnerability Reward Program, possibly the first permanent program of its kind for web properties. This collaboration with the security research community has far surpassed our expectations: we have received over 780 qualifying vulnerability reports that span across the hundreds of Google-developed services, as well as the software written by fifty or so companies that we have acquired. In just over a year, the program paid out around $460,000 to roughly 200 individuals. We’re confident beyond any doubt the program has made Google users safer. Today, to celebrate the success of this effort and to underscore our commitment to security, we are rolling out updated rules for our program."
UPDATE: Google has also introduced its much rumored Google Drive cloud storage service today. You can sign up for 5GB of free storage. Find out more here.
Related Blog Posts
View full post on OStatic blogs