Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: OT Google raises sploit bounties

From: Michal Zalewski <lcamtuf () coredump cx>
Date: Wed, 28 Nov 2012 08:40:51 -0800
I would be interested what bounties they would pay
for operation Аврора or for a botnet of say 1M host.


Reward amounts are public; for example, here are the rules for the web
app program:

http://www.google.com/about/appsecurity/reward-program/

Neither malware on user machines nor attacking employees is within
scope, though: the program is mostly about recognizing original
research into potential design and implementation flaws in our code.

We occasionally decide to extend rewards of some sort to people who
report very interesting or sensitive issues that fall outside the
scope of the existing programs, but we don't offer Microsoft-style
bounties for identifying malware authors, etc.

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: