Google on Monday raised to $20,000 its
bounty on software bugs that hackers could exploit for cyber attacks on
the Internet giant's online services.
The maximum reward for exposing a
vulnerability that would let an intruder's code get up to mischief in a
Google data centre was ramped up from the $US3,133 ($A3,030) payout set
when the bounty program was launched in November of 2010.
Remote code flaws found in
Google's Web apps will also be rewarded $20,000. The term "remote code
execution" refers to the most serious category of vulnerabilities, those
which when exploited allow an attacker to hijack a system and/or plant
malware on a machine.
A $10,000 bounty will be paid for SQL
injection bugs or significant authentication bypass or data leak
vulnerabilities, Google said in the revised rules for the program.
At Google’s Pwnium contest in
March, Google paid out $60,000 prizes to anyone who could exploit the
Chrome browser. Two people managed to do so, and collected the money.
Even at that rate, security researchers have made it clear the exploits
would have been worth more if sold to malicious individuals. Google’s
$20,000 top payment is likely still far below the market rate.
The bounty was raised to inspire
software savants to hunt for difficult-to-find, and potentially
perilous, bugs hidden deep in programs.