Are you a researcher who likes to find vulnerabilities in web applications? You have a chance
to earn money if you can “discover legitimate, critical flaws in its Web applications — including
Google.com, Blogger.com, Orkut.com, and YouTube.com”.
In a bold move, Google is offering money for bugs that users can find on its various services.
The rules are simple: “No automated testing tools are allowed, nor are attacks against Google’s
corporate infrastructure, social engineering and physical attacks, denial-of-service bugs, non-
Web application vulnerabilities, SEO blackhat techniques, vulnerabilities in Google-branded
websites hosted by third parties, and flaws in any newly acquired technologies by Google”. And
researchers can only use their own accounts and must not acquire access to data from another
account.
Bug reports can earn the researcher $500 to $3,133.70, depending on the severity and cleverness
of the bug reported.
A researcher whose bug report is accepted for the monetary award will also be
recognized on Google’s security page.
A similar program launched for the Chromium project last January yielded important bug reports
and Google hopes to duplicate the success with its web applications.
The Chromium project is an open source browser that “aims to build a safer, faster, and more
stable way for all Internet users to experience the web,” according to the Chromium website.
Sources:
http://googleonlinesecurity.blogspot.com/2010/11/rewarding-web-application-security.html
http://www.informationweek.com/news/internet/google/showArticle.jhtml?articleID=228200276
http://dev.chromium.org/Home