Google Ups Bug Bounty To $20,000 53
Trailrunner7 writes, quoting Threatpost: "Search giant Google said it is quintupling the top bounty it will pay for information on security holes in its products to $20,000. Google said it was updating its rewards and rules for the bounty program, which is celebrating its first anniversary. In addition to a top prize of $20,000 for vulnerabilities that allow code to be executed on product systems, Google said it would pay $10,000 for SQL injection and equivalent vulnerabilities in its services and for certain vulnerabilities that leak information or allow attackers to bypass authentication or authorization features."
Re:A failure of conventional hack-ism ? (Score:5, Insightful)
Re:A failure of conventional hack-ism ? (Score:5, Insightful)
the inference to be drawn is that finding a security hole would take more than 20k of programmer time, so probably the holes remaining are _hard_ to find. Seems more like a success than a failure to me.
Re:A failure of conventional hack-ism ? (Score:5, Insightful)
Re:A failure of conventional hack-ism ? (Score:4, Insightful)
If, however, this were Microsoft or Apple, they would not offer such high amounts as bounties as they would soon go bankrupt from the financial burden of paying out these bounties.
So, not only is Google saying "we are confident and proud of our product" they are also saying "we know there are bugs and even though we are confident in our products we are willing to pay out for people finding them".
Re:Obligatory Dilbert (Score:4, Insightful)
Yes, I'm sure a Google employee will risk their $110k+benefits job and being unemployable for life in any major tech company to gain $20k.
Three reasons (Score:4, Insightful)
1. Bugs are getting harder to find, especially ones that can be exploited
2. Criminals are paying good money for quality exploits.
3. It's cheaper than hiring more people to do it.
Re:A failure of conventional hack-ism ? (Score:4, Insightful)
It's more likely that a bug would do more than $20,000 worth if damage.