Full Disclosure mailing list archives
Google offers up to $1337 for select Chromium vulnerabilities
From: Berend-Jan Wever <berendjanwever () gmail com>
Date: Fri, 29 Jan 2010 09:49:03 +0100
http://blog.chromium.org/2010/01/encouraging-more-chromium-security.html <quote> *"Today, we are introducing an experimental new incentive for external researchers to participate. We will be rewarding select interesting and original vulnerabilities reported to us by the security research community. For existing contributors to Chromium security — who would likely continue to contribute regardless — this may be seen as a token of our appreciation. In addition, we are hoping that the introduction of this program will encourage new individuals to participate in Chromium security. The more people involved in scrutinizing Chromium's code and behavior, the more secure our millions of users will be. Such a concept is not new; we'd like to give serious kudos to the folks at Mozilla for their long-running and successful vulnerability reward program. Any bug filed through the Chromium bug tracker (under the template "Security Bug") will qualify for consideration."* </quote> Note that this does not mean that *all** *bugs reported as vulnerabilities get rewarded: <quote> *"**Q) What bugs are eligible?* *A) Any security bug may be considered. We will typically focus on **High and Critical impact bugs*<http://dev.chromium.org/developers/severity-guidelines> *, but any clever vulnerability at any severity might get a reward. Obviously, your bug won't be eligible if you worked on the code or review in the area in question."* </quote> Cheers, SkyLined Berend-Jan Wever <berendjanwever () gmail com> http://skypher.com/SkyLined
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Google offers up to $1337 for select Chromium vulnerabilities Berend-Jan Wever (Jan 29)