Google To Pay $500 For Bugs Found In Chromium 175
Trailrunner7 writes to mention that a new program from Google could pay security researchers $500 for every security bug found in Chromium. Of course if you find a particularly clever bug you could be eligible for a $1337 reward. "Today, we are introducing an experimental new incentive for external researchers to participate. We will be rewarding select interesting and original vulnerabilities reported to us by the security research community. For existing contributors to Chromium security — who would likely continue to contribute regardless — this may be seen as a token of our appreciation. In addition, we are hoping that the introduction of this program will encourage new individuals to participate in Chromium security. The more people involved in scrutinizing Chromium's code and behavior, the more secure our millions of users will be. Such a concept is not new; we'd like to give serious kudos to the folks at Mozilla for their long-running and successful vulnerability reward program."
But it has AdThwart (Score:4, Insightful)
Re:Here's an idea! (Score:3, Insightful)
If the increase is small enough it probably wouldn't be a problem, but this calls up memories of playing Risk and holding onto my cards because as much as I needed the reward from using them now, it'd be so much MORE of a reward if I held out until someone else turned theirs in.
Re:Why tell when you can exploit? (Score:4, Insightful)
Re:Why tell when you can exploit? (Score:5, Insightful)
In Soviet Russia, spammer rewards YOU!
I'll take exploits for $500, Alex.
Sorry, the Russian Business Network is paying $5000.
Re:Why tell when you can exploit? (Score:3, Insightful)
Re:But it has AdThwart (Score:3, Insightful)
Given that Google is an advertising company, this is no surprise (actually it's a surprise that they actually offer ad hiding).
Re:Nice idea, but limited scope (Score:5, Insightful)
If those are indeed the motivations, it would seem highly counterproductive for them to be dicks about paying out. If they do, their good publicity will swiftly dissipate after a couple of "Google promises cash for bugs, weasels out" articles, and researchers who might otherwise care will probably just get fed up with fighting verbal technicalities and post to some open disclosure site instead.
Re:Nice idea, but limited scope (Score:3, Insightful)
This was a very rare thing to see prior to management's decision to hamstring meta-moderation. I'd still like to know who thought that was a good idea, who agreed with that person instead of laughing, and who has decided to keep meta-moderation useless even after the detrimental effects of this decision have been demonstrated.
Responsibility (Score:2, Insightful)
It is a companies sole responsibility to make money for its shareholders.
Ya, and that sucks, too, and it should be changed back to more of the original US model, where there were more duties and a lot more oversight into their conduct. Originally, it was a lot harder to get to be a corporation, charters were for a limited time, then a review before a renew, and you had to be publicly responsible, they couldn't be used to influence public policy, and a lot of other restrictions. Just "making profits" wasn't the sole criteria then to get granted a corporate charter.
A little reference:
http://www.reclaimdemocracy.org/corporate_accountability/history_corporations_us.html [reclaimdemocracy.org]
As it is today, it seems like they can do just about anything they want to do, and even if they run afoul of the last remaining checks and balances on their behavior, if they can meet the fine and pass the costs down to their next customers..that's it, they just keep on.
And that's the problem, it's way to easy to have corporations now, and way too hard to get rid of the ones who engage in chronic serial antisocial or outright illegal behavior. They can come to life, but you can't kill them. And even if they screw up so bad they manage to go bankrupt, if they are big enough, they get emergency bailed out. I mean, WTF..you can't get rid of bad businesses or bad business creeps anymore? This is touted as some economic or social "good", because it "enhances shareholder value" or something? This is our loftiest goal?
What you said is certainly true today, but it is the cause of a lot of problems...
A lot of modern corporations look more like toxic invasive species superweeds to me than anything else.
Re:But it has AdThwart (Score:2, Insightful)