Rewards Means Users Secure

Monday, February 13, 2012 @ 06:02 PM gHale

Google began offering rewards about 15 months ago to researchers who report vulnerabilities in its Web applications. In that time, the company has paid out more than $400,000.

That is quite a bit of money, and quite a few vulnerabilities, but the company sees the program as a success.

Google’s reward program was not the first of its kind, but because of its scope and reach, it has attracted attention and a ton of submissions. In the first week of the program, Google received more than 40 legitimate submissions, and the number has only gone up since then. In total, Google has taken in more than 1100 bug reports, of which 730 qualified for a reward of some kind.

“Roughly half of the bugs that received a reward were discovered in software written by approximately 50 companies that Google acquired; the rest were distributed across applications developed by Google (several hundred new ones each year). Significantly, the vast majority of our initial bug reporters had never filed bugs with us before we started offering monetary rewards,” said Adam Mein, a technical program manager on Google’s security team.

Mein said the company considers the program quite a success, given the number of flaws Google has been able to fix that it might not have found otherwise.

“Google has gotten better and stronger as a result of this work. We get more bug reports, which means we get more bug fixes, which means a safer experience for our users,” he said.
