Google raises bounty on software bugs
SAN FRANCISCO, April 24 – Google yesterday raised to US$20,000 (RM61,300) its bounty on software bugs that hackers could exploit for cyber attacks on the Internet giant’s online services.
The maximum reward for exposing a vulnerability that would let an intruder’s code get up to mischief in a Google datacentre was ramped up from the US$3,133.70 payout set when the bounty programme launched in November of 2010.
“When we get more bug reports, we get more bug fixes,” Google security team manager Adam Mein said. “That is good for our users; that is good for us.”
Google has paid out approximately US$460,000 since it established the Vulnerability Reward Programme.
Of the 11,000 software flaws reported to Google, more than 780 qualified for rewards ranging from US$300 to the maximum, a figure selected because the digits translate into a technical term in a hacker programming language.
The bounty was raised to inspire software savants to hunt for difficult-to-find, and potentially perilous, bugs hidden deep in programmes, according to Mein.
“We want them to know the reward is there for them if they find the most severe bugs,” Mein said.
Bugs found in more sensitive services such as Google smartphone “Wallet” software tends to merit more generous rewards.
People vying for bounties have tended to be computer security professionals; engineering students honing their skills, and website operators, according to Google. – AFP
