Although a reward program has been in place for the Chromium open source project since January, Google has now decided to expand the scheme to include its other web properties. Those properties include:
*.google.com
*.youtube.com
*.blogger.com
*.orkut.com
If you’re wondering what bugs are worthy of a reward Google is keeping things very open by stating:
Any serious bug which directly affects the confidentiality or integrity of user data may be in scope.
You won’t earn cash for any of the following, though:
attacks against Google’s corporate infrastructure
social engineering and physical attacks
denial of service bugs
non-web application vulnerabilities, including vulnerabilities in client applications
SEO blackhat techniques
vulnerabilities in Google-branded websites hosted by third parties
bugs in technologies recently acquired by Google
As to how much you can earn, the rewards are substantial if you report regularly or hit a goldmine of bugs Google will payout multiple times for. The guidelines are as follows:
The base reward for qualifying bugs is $500. If the rewards panel finds a particular bug to be severe or unusually clever, rewards of up to $3,133.7 may be issued. The panel may also decide a single report actually constitutes multiple bugs requiring reward, or that multiple reports constitute only a single reward.
Anyone deciding to give their reward to charity will see the amount matched by Google. [Geek]
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.