

Google reward is $1337 for discovering critical bugs in Chromium - Blish123
http://www.theregister.co.uk/2010/07/19/moz_bug_bounty/

======
ddfall
Well, Mozilla just raised their reward from $500.00 to $3,000.00
([http://www.h-online.com/security/news/item/Mozilla-
offers-3-...](http://www.h-online.com/security/news/item/Mozilla-
offers-3-000-for-bug-reports-1040238.html)). Also, while Google's offering up
to $1,337 ([http://www.h-online.com/open/news/item/Google-invites-
attack...](http://www.h-online.com/open/news/item/Google-invites-attacks-on-
Chrome-918266.html)), they've actually awarded $2,000 on one occasion
([http://www.h-online.com/security/news/item/Google-
pays-2-000...](http://www.h-online.com/security/news/item/Google-
pays-2-000-for-report-of-a-vulnerability-in-Chrome-1018495.html))...

------
jpablo
This is the original Google post:

[http://blog.chromium.org/2010/01/encouraging-more-
chromium-s...](http://blog.chromium.org/2010/01/encouraging-more-chromium-
security.html)

Seems like $500 for normal security bugs and can be upgraded to $1,337 for
severe bugs (judged by a panel)

------
jasonkester
Ah, lame. I found a canvas rendering bug back when Chrome first came out. I
blogged about it and they fixed it, referencing my blog entry in the steps-to-
reproduce portion of the bug report.

I guess I should have held onto it for a couple years and cashed in!

~~~
tptacek
Your canvas rendering bug is probably worth $0; this program is intended to
incentivize people to search for security bugs, so that Google (and Mozilla)
can win the race against organized criminals doing the same thing.

~~~
lanstein
The article says Google is paying $500 for non-security bugs

~~~
tptacek
They aren't. $500 is for non-severe security bugs.

~~~
lanstein
"Google has also established a bug bounty program, offering $500 for run-of-
the-mill flaws..."

So the article is wrong?

~~~
tptacek
Your interpretation of what the Register says is overly optimistic, and is
easily refuted by the FAQ on Google's own page. The Reg, when it says "flaws",
is (clumsily) implying security flaws as well.

Either way, just to keep this crystal clear: the $500 bounty is for security
flaws.

~~~
lanstein
Thanks for clearing that up :)

------
mey
<http://www.mozilla.org/security/bug-bounty.html> Mozilla's bounty was raised
to $3000 recently on security issues.

------
kmuzykov
Nice amount. But I'd like it to be the full $31337(why shorten), although I
don't plan to find any bugs in Chromium.

------
dreur
W0w 7hi5 i5 nic3

------
saturdaysaint
Nice, Hugh Hefner was only offering $800.85 for Playboy.com vulnerabilities.

