Menu
Google expands bug bounty program, ups Patch program rewards

Google expands bug bounty program, ups Patch program rewards

Researchers who analyze Google-made extensions should be rewarded, the company said

Google is broadening its bug bounty program for security researchers to encompass all Chrome apps and extensions made by company. It's also upping payments for its Patch Rewards Program, focused on improvements for open-source code.

The company pays independent researchers for finding problems such as cross-site scripting flaws, SQL injection or authentication problems under its Vulnerability Reward Program, which started in November 2010.

Many applications and extensions for its Chrome browser come from third-party developers, but Google also develops many itself.

"We think developing Chrome extensions securely is relatively easy (given our security guidelines are followed), but given that extensions like Hangouts and GMail are widely used, we want to make sure efforts to keep them secure are rewarded accordingly," wrote Eduardo Vela Nava and Michal Zalewski of Google's Security Team, in a blog post.

The company is also upping the payouts for qualifying code improvements under its Patch Rewards Program, which focuses on some of the most widely used open-source programs. It was launched in October 2013.

The previous range for rewards was between US$500 to $3,133.7. Now that range will apply to "submissions that are very simple or that offer only fairly speculative gains," Nava and Zalewski wrote.

Google will offer $5,000 for moderately complex patches that provide convincing security benefits, and $10,000 for complicated improvements that prevent major vulnerabilities in the code.

"We look forward to ongoing collaboration with the broader security community, and we'll continue to invest in these programs to help make the Internet a safer place for everyone," they wrote.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Googlesecurity

Featured

Slideshows

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Examining the changing job scene in the Kiwi channel

Examining the changing job scene in the Kiwi channel

Typically, the New Year brings new opportunities for personnel within the Kiwi channel. 2017 started no differently, with a host of appointments, departures and reshuffles across vendor, distributor and reseller businesses. As a result, the job scene across New Zealand has changed - here’s a run down of who is working where in the year ahead…

Examining the changing job scene in the Kiwi channel
​What are the top 10 tech trends for New Zealand in 2017?

​What are the top 10 tech trends for New Zealand in 2017?

Digital Transformation (DX) has been a critical topic for business over the last few years and IDC is now predicting a step change as DX reaches macroeconomic levels. By 2020 a DX economy will emerge and it will become the core of what New Zealand industries focus on. From the board level through to the C-Suite, Kiwi organisations must be prepared to think and act digital when the DX economy emerges in 2017.

​What are the top 10 tech trends for New Zealand in 2017?
Show Comments