Full Disclosure mailing list archives

Google offers up to $1337 for select Chromium vulnerabilities


From: Berend-Jan Wever <berendjanwever () gmail com>
Date: Fri, 29 Jan 2010 09:49:03 +0100

http://blog.chromium.org/2010/01/encouraging-more-chromium-security.html

<quote>
*"Today, we are introducing an experimental new incentive for external
researchers to participate. We will be rewarding select interesting and
original vulnerabilities reported to us by the security research community.
For existing contributors to Chromium security — who would likely continue
to contribute regardless — this may be seen as a token of our appreciation.
In addition, we are hoping that the introduction of this program will
encourage new individuals to participate in Chromium security. The more
people involved in scrutinizing Chromium's code and behavior, the more
secure our millions of users will be.

Such a concept is not new; we'd like to give serious kudos to the folks at
Mozilla for their long-running and successful vulnerability reward program.

Any bug filed through the Chromium bug tracker (under the template "Security
Bug") will qualify for consideration."*
</quote>

Note that this does not mean that *all* bugs reported as vulnerabilities
get rewarded:

<quote>
*"Q) What bugs are eligible?*
*A) Any security bug may be considered. We will typically focus on High
and Critical impact bugs
<http://dev.chromium.org/developers/severity-guidelines>, but any clever
vulnerability at any severity might get a reward. Obviously, your bug won't
be eligible if you worked on the code or review in the area in question."*
</quote>

Cheers,

SkyLined

Berend-Jan Wever <berendjanwever () gmail com>
http://skypher.com/SkyLined