Google doesn’t like vulnerabilities in its projects, and has discovered that one of the best ways to make them go away is to pay people scads of cash for finding them. Last Februrary at their Pwnium contest, Google offered up to $1 million in prizes to hackers who could uncover dangerous vulnerabilites in the Windows 7 version of Chrome. That wasn’t just a one time deal; Google also has ongoing awards for people who can find vulnerabilities in anything of theirs, and they just upped the ante from around $3,000 to $20,000.
When Google launched their bug-finding incentive program back in November of 2010, the max payout was the tongue-in-cheek sum of $3,133.70. Now, it seems, they hope to pull in more attention with this bigger chunk of change, either because the flow of found exploits has been slowing down, or because they’re pumping more and more products out to market.
To date, Google has dished out about $460,000 as rewards to those that have found particularly malicious bugs that will allow a user’s code to do all kinds of sketchy things in Google’s datacenter’s special parts. Of the 11,000 or so software flaws reported to Google, less than 1,000 qualified for prizes in excess of $300, so this increase is really an opportunity for Google to reach out to the really ambitious and skilled fellows.
“We want them to know the reward is there for them if they find the most severe bugs,” Adam Mein, Google security team manager, told AFP. Considering the hefty increase, it’s likely that Google is hoping to tighten up the code surrounding its Google Wallet service. In that particular case, $20,000 could prove to be a small price to pay for increased security. So if you think you have the chops to find one of Google’s mistakes, put their nose in it, and then have them pay you for doing so, get to it. It works out for all of us if you do.
- Googles Pwnium contest was built on the same basic principle
- And somebody managed to pull down the max, $60,000 prize