Several days ago, Mozilla announced that it would pay developers and hackers $3,000 for every reproducible, critical security flaw found in its FireFox web browser. Yesterday, Google has announced that it will pay $3,133.70 for critical security bugs found in its Chrome web browser. Bravo to Google for their ability to sneak 31337 (eleet) into their bug bounty payout. Google’s pay-per-bug program looks like this:
- The maximum reward for a single bug has been increased to $3,133.7. We will most likely use this amount for SecSeverity-Critical bugs in Chromium. The increased reward reflects the fact that the sandbox makes it harder to find bugs of this severity.
- Whilst the base reward for less serious bugs remains at $500, the panel will consider rewarding more for high-quality bug reports. Factors indicating a high-quality bug report might include a careful test case reduction, an accurate analysis of root cause, or productive discussion towards resolution.
We’ve got the full article all linked up for you. More →