Bugtraq mailing list archives
Re: [Full-disclosure] We're now paying up to $20, 000 for web vulns in our services
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Tue, 24 Apr 2012 08:44:10 -0700
A you-only-get-it-when-successful 20,000$ budget from Google is insulting, considering the perhaps massive time investment from the researcher. [...] and yet they only pay a nice researcher 20 grand? You can't even live on that. Researchers aren't just kids with no responsibilities, they have mortgages and families
People who want to make a living helping to improve Google security are welcome to apply for a job :-) We have a remarkably large and interesting security team. The program simply serves to complement that (and some other, contract-driven efforts), and it works for quite a few people who see it as a way to do something useful on the side, and get compensated for it, too. Now, I have done a fair amount of vulnerability research in my life, I do have a family and a mortgage - and I still wouldn't see $20k as an insult; but I know that this is subjective. In that spirit, you are at liberty to determine whether to participate, and how much time to invest into the pursuit :-) Cheers, /mz
Current thread:
- FYI: We're now paying up to $20,000 for web vulns in our services Michal Zalewski (Apr 23)
- RE: We're now paying up to $20,000 for web vulns in our services Jim Harrison (Apr 25)
- Re: We're now paying up to $20,000 for web vulns in our services Michal Zalewski (Apr 25)
- Re: [Full-disclosure] We're now paying up to $20, 000 for web vulns in our services Charles Morris (Apr 25)
- Re: [Full-disclosure] We're now paying up to $20, 000 for web vulns in our services Michal Zalewski (Apr 25)
- Re: We're now paying up to $20,000 for web vulns in our services Michal Zalewski (Apr 25)
- RE: We're now paying up to $20,000 for web vulns in our services Jim Harrison (Apr 25)