Google boosts Web bug bounties to $20,000
Google today dramatically raised the bounties it pays independent researchers for reporting bugs in its core websites, services and online applications. The search giant boosted the maximum reward from $3,133 to $20,000, and added a $10,000 payment to the program. The Vulnerability Reward Program (VRP) will now pay $20,000 for vulnerabilities that allow remote code execution against google.com, youtube.com and other core domains, as well as what the company called "highly sensitive services" such as its search site, Google Wallet, Gmail and Google Play. Remote code flaws found in Google's Web apps will also be rewarded $20,000. The term "remote code execution" refers to the most serious category of vulnerabilities, those which when exploited allow an attacker to hijack a system and/or plant malware on a machine. A $10,000 bounty will be paid for SQL injection bugs or "significant" authentication bypass or data leak vulnerabilities, Google said in the revised rules for the program. Other bugs, including cross-site scripting (XSS) and cross-site request forgery (XSRF) flaws, will be compensated with payments between $100 and $3,133, with the amount dependent on the severity of the bug and where the vulnerability resides
--
Please visit www.vuzs.net For Current & Old Papers, Quizzes, Assignments and study material.
To post a new message on this group, send email to vuZs@googlegroups.com
Message Posting Rules: http://vuzs.net/faq/4795-vuzs-google-groups-basic-rules-for-posting-messages.html
--
To unsubscribe from this group, send email to vuZs+unsubscribe@googlegroups.com
--
To join this group Send blank email to vuZs+subscribe@googlegroups.com
or visit
http://groups.google.com/group/vuZs/subscribe
No comments:
Post a Comment