Google Security Technology

Google To Pay $500 For Bugs Found In Chromium

Trailrunner7 writes to mention that a new program from Google could pay security researchers $500 for every security bug found in Chromium. Of course if you find a particularly clever bug you could be eligible for a $1337 reward. "Today, we are introducing an experimental new incentive for external researchers to participate. We will be rewarding select interesting and original vulnerabilities reported to us by the security research community. For existing contributors to Chromium security — who would likely continue to contribute regardless — this may be seen as a token of our appreciation. In addition, we are hoping that the introduction of this program will encourage new individuals to participate in Chromium security. The more people involved in scrutinizing Chromium's code and behavior, the more secure our millions of users will be. Such a concept is not new; we'd like to give serious kudos to the folks at Mozilla for their long-running and successful vulnerability reward program."

  • Here's an idea! (Score:2, Interesting)

    by rehtonAesoohC ( 954490 ) on Friday January 29, 2010 @04:52PM (#30954778) Journal
    What they should really do is up the dollar amount by a small margin every time someone finds a bug and is rewarded - maybe on a logarithmic curve?

    The idea being that once more and more bugs are discovered, the number of bugs left to discover will diminish, and people will have less incentive to find bugs, even though major flaws may still exist in some form. So the one person who finds the whopper of a bug five years from now could get $100,000...
  • by Daetrin ( 576516 ) on Friday January 29, 2010 @05:13PM (#30955124)
    I just talked about this in the other Chrome article, [slashdot.org] but all the bugs I'd like to report they claim to be features.

    Even though they say they know it causes problems [chromium.org] they'd rather continue to have a browser with issues rather than implement proven solutions that other browsers have come up with because they have aesthetic issues with those solutions.

    I really don't appreciate them making the product less useful to me because they don't like the solutions other people have come up with but can't think of anything better themselves. In my mind that counts as a bug, but that's not a definition they're going to accept.
  • by Lord Ender ( 156273 ) on Friday January 29, 2010 @05:13PM (#30955146) Homepage

    Some software companies sue security researchers. A few (Adobe) even attempt to get researchers arrested! Microsoft openly espouses its disdain for security researchers (see Ballmer's comments at the shareholders' meeting).

    Google? Google pays them cold, hard cash.

    I swear, it seems Google bucks every bad trend in the software/IT industry. It's like they're reading Slashdot and doing everything we say! The only real gripe slashdotters have with Google is targeted advertising, but that's their revenue model, so the best we can hope for is that they don't give the info to those who would use it for something harmful (which seems to be the case).

  • by ThrowAwaySociety ( 1351793 ) on Friday January 29, 2010 @06:23PM (#30956122)

    I swear, it seems Google bucks every bad trend in the software/IT industry.

    Here's Bruce Schneier pointing out the problems with such strategies in 1998 [jammed.com]. Point #3 is probably most salient in this case, but Chromium isn't open source, so the first two are still valid.

    Totally different. Schneier is talking about putting up money to "prove" that a given product has no bugs. Google is smart enough to know that every product has bugs, and is just giving an incentive for people to find them (or more likely, for the finders to report them.)

  • names and labels (Score:2, Interesting)

    by zogger ( 617870 ) on Friday January 29, 2010 @11:33PM (#30959056) Homepage Journal

    Ha, I am a strict Constitutionalist, a practical centrist, with the emphasis being the sovereign individual first, then some powers to the states, then even less to the central government. The original idea.

    I *wish* it was attempted, because I think it could actually work.

    When it comes to corporations I just don't like crooks, thieves and liars, nor vampire corporations that can get away with anything and can't be killed, just because of "making money" as their one and only priority. There needs to be a "three strikes and you are out" for corporations same as it is for individuals. It should be a lot easier to get their charters revoked.

    I think *voluntary* collectivism is an interesting idea to run companies fairly and ethically, and still make a buck, like the movements in Argentina today. I'm not real big on large scale centralized planning (left or right wing), but as a voluntary thing, sure. I like the idea of eliminating the typical "workers versus management versus shareholders" internal war which screws up corporations today, and makes them work inefficiently and keeps everyone mad at the other guy. I think that's a lame stupid model. I think the owners should be the workers should be the managers, and share in the profits equitably. This would help eliminate all those bogus decisions based on "short term profits" mentality.

  • by Anonymous Coward on Saturday January 30, 2010 @04:32PM (#30965192)

    "Besides it is an open source tool. If they explicitly disallow adblocking. Someone will fork it." - by iammani (1392285) on Friday January 29, @04:44PM (#30955594)

    NO NEED FOR THAT: There's already a tool that operates @ a "lower level" of the IP Stack for filtering sites AND FOR SPEEDING UP ACCESS TO THEM AS WELL - that's your local HOSTS file!

    1.) HOSTS files eat no CPU cycles like browser addons do no less!

    2.) HOSTS files are also NOT severely LIMITED TO 1 BROWSER FAMILY ONLY... browser addons, are. HOSTS files cover & protect (for security) and speed up (all apps that are webbound) any app you have that goes to the internet (specifically the web).

    3.) HOSTS files allow you to bypass DNS Server requests logs (via hardcoding your favorite sites into them to avoid not only the TIME taken roundtrip to an external DNS server, but also for avoiding those logs OR a DNS server that has been compromised (see Dan Kaminsky online, on that note)).

    4.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than DNS servers can by FAR.

    5.) HOSTS files also allow you to not worry about a DNS server being compromised, or downed (if either occurs, you STILL get to sites you hardcode in a HOSTS file anyhow in EITHER case).

    6.) HOSTS files are EASILY user controlled, obtained (for reliable ones -> http://en.wikipedia.org/wiki/Hosts_file [wikipedia.org] ) & edited too.

    7.) HOSTS files aren't as vulnerable to "bugs" either like programs/libs/extensions of that nature are, OR even DNS servers.

    8.) HOSTS files are a solution which also globally extends to EVERY WEBBOUND APP YOU HAVE

    9.) HOSTS files are also EASILY secured well, via write-protection "read-only" attributes set on them, or more radically, via ACL's even.

    10.) ADBLOCK DOES NOT ALLOW A USER DIRECT EASILY EDITABLE CONTROL OVER WHAT IT BLOCKS & HOSTS do, via texteditors like notepad.exe (afaik, @ least - feel free to correct me IF I am in error here (thanks)).

    APK

    P.S.=> Per my subject-line above? Chrome doesn't NEED addons to do the job, as a HOSTS file already can blockout anything you like, AND SPEED YOU UP to your fav. sites too... "too, Too, TOO EASY" & all from 1 single more efficient + less "bug prone" file! However, laying in BOTH addons for browsers AND a HOSTS file is a good idea for the concept of "layered security"... apk
