bounty

Google pays bug hunters for finding Windows flaw

You might think Microsoft would be the one handing out awards to those who report security vulnerabilities in Windows, but yesterday it was Google that paid $5,000 to a pair who found one such problem.

Along with the release of the final, stable version of Chrome 22, Google announced that it's paying the bug bounty to Eetu Luodemaa and Joni Vahamaki of Documill for finding a memory corruption issue in Windows.

The award is part of a revised Chrome bug bounty policy in which Google pays for more than just Chrome bugs. "Occasionally, we issue special rewards … Read more

Google offers bigger bucks in Chrome bug hunt

Google's program to pay outsiders who find Chrome security vulnerabilities is working well enough that the company has concluded it's time to add new financial rewards.

"Recently, we've seen a significant drop-off in externally reported Chromium security issues," Chrome programmer Chris Evans said in a blog post yesterday. "This signals to us that bugs are becoming harder to find, as the efforts of the wider community have made Chromium significantly stronger."

Thus, Google added a new $1,000 bonus on top of the regular incentive in three circumstances. The bonus applies if a … Read more

Facebook hands out White Hat debit cards to hackers

A few companies pay money to bug hunters. But Facebook is giving out something more unique than just a check. Some security researchers are getting a customized "White Hat Bug Bounty Program" Visa debit card.

The researchers, who can make thousands of dollars for reporting just one security hole on the social-networking site, can use the card to make purchases, just like a credit card, or create a PIN and take money out of an ATM. As the researchers find more bugs, Facebook can add more money to their accounts.

Facebook wanted to do something special for the … Read more

This Day in Tech: Apple TV coming soon, analysts say; Whither Zynga IPO?

Too busy to keep up with the tech news? Here are some of the more interesting stories from CNET News for Monday, August 29. 

Apple is working on a TV set based on iOS. An Apple TV could appear in late 2012 or early 2013, if analysts are right about this.

Zynga may delay its IPO until November. With the stock market's rocky ride of late, the company has not pushed its IPO. There are some red flags that have been raised in the SEC filing.

There's a way to make money on Facebook. CNET's Elinor Mills … Read more

Facebook paid $40,000 to bug hunters in three weeks

Facebook said today it has paid more than $40,000 to people who have uncovered bugs on its Web site in the first three weeks of its Bug Bounty program.

The company launched its bug bounty program at the end of last month as a way to compensate people who find and report bugs that might otherwise go unfixed or be exploited by malicious hackers. Bug hunters can make upwards of $500 per bug reported.

One bug hunter received more than $7,000 for six different issues reported, and another person was paid $5,000 for "one really good … Read more

Facebook launches bug bounty program

Facebook is set to announce today a bug bounty program in which researchers will be paid for reporting security holes on the popular social-networking Web site.

Compensation, which starts at $500 and has no maximum set, will be paid only to researchers who follow Facebook's Responsible Disclosure Policy and agree not to go public with the vulnerability information until Facebook has fixed the problem.

"Typically, it's no longer than a day" to fix a bug, Facebook Chief Security Officer Joe Sullivan told CNET in a conference call.

Facebook's Whitehat page for security researchers says: "… Read more

Google offers cash for finding Web security holes

Taking a page from the Chrome playbook, Google has launched a program to encourage outsiders to find security vulnerabilities in its Web properties.

Under the Chrome vulnerability-finding bounty program, the company already has been paying varying sums to those who locate holes in the browser. Also part of the package has been mention on the Chromium security hall of fame and a public thank-you to those providing Google with sustained security help.

The duplication of the initial program is geared to uncover "any serious bug which directly affects the confidentiality or integrity of user data," members of Google'… Read more

Google patches 11 Chrome security problems

Google patched 11 vulnerabilities--three critical, seven high-risk, and one medium--in a new version of Chrome released Thursday.

All but one of the problems were in Chrome itself. The additional issue handled in Chrome 5.0.375.127 (Windows | Mac | Linux) is a workaround for a critical Windows kernel bug, according to a blog post Thursday by Jason Kersey of the Chrome team.

Chrome has an automated update process that periodically checks for updates, downloads new versions, and installs them when a person restarts the browser. For a quicker update, people can follow Google's instructions to check for and install a Chrome update. … Read more

Google fixes Chrome holes, seeks security reform

Just before the Black Hat security conference begins, Google has patched seven security holes in its stable version of Chrome and begun an effort to speed up the software industry's response to such vulnerabilities.

Google paid two $1,337 bounties for work that lets Chrome avoid critical security problems by sidestepping vulnerabilities in Windows and the widely used glibc software library, according to a Monday blog post about Chrome 5.0.375.125 by Jason Kersey of Google's Chrome team.

Also through its program to reward those who find Chrome security holes, Google issued payments to people who … Read more

Microsoft, Google split over browser bug bounty

To entice security researchers to look for holes in the Chrome browser, Google has announced it will pay $500 for bugs found in the code. But several experts say that's not enough money to motivate skilled vulnerability researchers.

"I think it's ridiculous," Charlie Miller, a senior security researcher at Independent Security Evaluators, said when asked Monday for his opinion of Google's new bug bounty program. "It's insulting. It's so low."

Under Google's new "experimental" incentive program, announced last week, people will get paid $500 for select interesting and … Read more