Tuesday, August 13, 2013

Google Chrome Bugs Bounty At $5000


Today, I noticed that Google has increased the bounty for its Chrome browser bugs.  What used to net you $1000 will now get you $5000.  (Source: http://googleonlinesecurity.blogspot.ca/2013/08/security-rewards-at-google-two.html)

This is good news.  People will always tinker with stuff, but the important question is why they're tinkering with it.  

Sometimes it's to prove something, like:
  • They can prove that they can get in.
  • They can prove something isn't fixed.
  • They can prove there's a bigger problem.
  • They can prove a risk to the bigger public.
  • They can prove something can be done better.


Sometimes it's through boredom:
  • It was something to do.
  • It was there.


Sometimes it's to gain something:
  • To gain insight, knowledge or secrets.
  • To gain data.


All but two of these can be turned into a good thing - which is what Google has done.  The only exceptions are the gaining of something, which can be leveraged into a blackmail or competitive situation.

By giving people an incentive to hand over what they found, Google is doing two things:
1.  Only spending money on top talent, and not "average" talent.
2.  Making sure that top talent stays on side with Google.

I wish more companies would do something like this.