Google's Vulnerability Reward Program, which started in November 2010, offers a hefty reward to anyone who finds a good vulnerability in its products.
Now Google is getting a little more serious about the security of its Chrome browser and has expanded its Bug Bounty Program to include all Chrome apps and extensions developed and branded as "by Google".
The Internet is a platform that has become a necessary medium for performing our daily tasks, such as reading news, paying bills, playing games and scheduling meetings, and everything we do on this platform is possible only because of the various applications maintained by service providers.
"We think developing Chrome extensions securely is relatively easy, but given that extensions like Hangouts and GMail are widely used, we want to make sure efforts to keep them secure are rewarded accordingly," Google said in a blog post.
In addition, to improve the security of open-source projects such as OpenSSL, the Linux kernel and the BIND DNS software, which are critical to the health of the Internet, Google is encouraging bug hunters by increasing the payouts for qualifying code improvements under its Patch Reward Program.
"The rewards for each vulnerability will range from the usual $500 up to $10,000 USD and will depend on the permissions and the data each extension handles. If you find a vulnerability in any Google-developed Chrome Extensions, please contact us at goo.gl/vulnz"
The new reward structure is:
- $10,000 for complicated, high-impact improvements that almost certainly prevent major vulnerabilities in the affected code.
- $5,000 for moderately complex patches that provide convincing security benefits.
- Between $500 and $1,337 for submissions that are very simple or that offer only fairly speculative gain.
If you are a freelancer or security enthusiast, a bug bounty program is a golden opportunity for you. "We look forward to ongoing collaboration with the broader security community, and we'll continue to invest in these programs to help make the Internet a safer place for everyone,"
Although it is good to have an in-house IT security team, a collective and open approach to penetration testing is an economically efficient mechanism for finding complex vulnerabilities.
Google has also scheduled its 4th 'Pwnium' hacking contest for March, with $2.7 million up for grabs for bug hunters.