Pentru descoperirea unor probleme de securitate in servicii ca Gmail, Blogger sau YouTube, Google plateste 500 USD pentru fiecare bug descoperit. Vulnerabilitatile care sunt severe sunt recompensate pe masura, ajungand pana la peste 3.000 de dolari. Cei care descopera problemele vor avea si alt avantaj: vor fi mentionati pe pagina de securitate a Google.
Nu este prima oara cand Google apeleaza la metoda recompensei pentru descoperirea de bug-uri, in Ianuarie a folosit aceeasi metoda pentru Chromium, proiectul open-source din spatele browserului Chrome Web.
In viitor Google ar putea extinde programul si pentru aplicatii precum Android, Picasa sau Google Desktop iar acest lucru nu poate decat sa bucure utilizatorii finali.
For security researchers who find flaws in Internet services like Gmail, Blogger and YouTube, Google will reward $500 or more per bug. Vulnerabilities that are “severe or unusually clever” pay up to $3,133.70. Optionally, benevolent hackers can also donate their rewards to charity, in which case Google will match the winnings at its discretion.
Bug-hunting researchers will also be credited on Google’s security page.
To keep Web services running smoothly, Google is excluding bugs caused by denial of service attacks and search optimization tricks. Technologies recently acquired by Google are also off-limits.
This isn’t the first time Google has opened up security research to the masses with cash rewards. In January, the company announced a bounty program for Chromium, the open-source project behind Google’s Chrome Web browser, following the lead of Mozilla’s Firefox bounty program.
The move to Web apps, however, is an important and logical step for Google. The company is putting a lot of faith in Web apps as the future of computing, as evidenced by the upcoming Chrome OS. If users are going to store more and more sensitive information into online services, those services need to be secure.
In the future, Google may expand the program to client applications such as Android, Picasa and Google desktop. Let’s hope that happens soon; analysis firm Coverity recently found 88 high-risk defects in the Android kernel.
e interesant si cred ca va fi in favoarea ambelor parti 😉