

Japanese hacker earns $13,174 for reporting Google security holes - chrisbroadfoot
http://d.hatena.ne.jp/masatokinugawa/20110207/google_security

======
patio11
Do folks want details? I'll translate if there is interest, but have some real
work to do first.

~~~
patio11
And here you go:

<http://www.pastie.org/1536256>

P.S. If I were still doing this professionally, I would have been more careful
on the editing and y'all would have been more careful on paying the $200 to
$300 promptly. (The sky is the limit on translation if you have a high-value
high-difficulty niche, and software security counts for both.)

------
patio11
At that rate, one would almost be tempted to do it full time. (That is 2 ~ 4
months of salary, depending on his seniority.)

~~~
tomjen3
Are Japanese salaries really that low?

Almost makes it worth outsourcing at the price.

~~~
patio11
Japanese salaries for engineers are really, really low compared to American
salaries. In Nagoya, the well-known algorithm is about "age times 100k yen",
so a 30 year old engineer makes on the order of $36.5k. Opportunities for
improving this based on demonstrable ability are very limited when working for
Japanese companies. (I hear there are some better options in Tokyo,
particularly at foreign companies. Still, published average wages for one of
the world's most expensive cities would seem substandard for virtually any
American metropolis.)

~~~
harisenbon
I've been doing business with some companies in Tokyo recently, and I've come
to realize that Nagoya is kind of an anomaly.

Tokyo can command about half-again what we get paid here in Nagoya. Although,
that's still well below the average in America, I think.

Also, when looking at those salary rates, you have to make sure to look at
SEs, not Programmers -- as there's a huge wage difference between the two (And
you and I are definitely not mere programmers ;)

This site is really great for getting good salary info: <http://nensyu-
labo.com/>

Here's the SE division: <http://nensyu-labo.com/syokugyou_se.htm> 平均年収：547.0万円
(does not include bonus)

And here's a run of the mill programmer <http://nensyu-
labo.com/syokugyou_programer.htm> 平均年収：399.0万円 (does not include bonus)

------
lapusta
Russian gets ~20k$ [http://blog.quintura.com/2011/01/13/russian-sergey-
glazunov-...](http://blog.quintura.com/2011/01/13/russian-sergey-glazunov-
earned-20k-from-google-for-finding-bugs-in-chrome/)

------
nbpoole
I'd be curious how many vulnerabilities he found that followed those three
patterns. $13k is actually a lot to earn from the program (the average payout
I've received per accepted vulnerability is ~$666). Regardless, those are some
very nice finds. :)

------
chaostheory
English version:

[http://translate.google.com/translate?js=n&prev=_t&h...](http://translate.google.com/translate?js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&sl=ja&tl=en&u=http%3A%2F%2Fd.hatena.ne.jp%2Fmasatokinugawa%2F20110207%2Fgoogle_security)

~~~
flipdeadshot
I'm pretty surprised that Google was allowing such blatantly obvious XSS
attack vectors.

------
lubos
good job but I bet he wouldn't pass the job interview process at google.

~~~
hydrazine
IMO Finding live vulnerabilities (with a passion!) outweighs most scripted
interviews.

