Paid to find security bugs?

Security for most companies these days is paramount. There are many steps one can take to ensure that a system is secure, from switching it off at one extreme to hiring consultants to analyse every minute line of code for problems at the other. Balancing money against time, however, leads most companies to settle somewhere in between.

Google Chrome

The guys at Google have released details of an increase in their awards. The bounty initially started in the region of $500 and has now increased to $3,133.70. It beats the Firefox security bounty.

How do I get it?

To achieve this payout, you must discover a serious security-related flaw in the Google Chrome web browser and submit it through the proper channels.

The Mozilla team have been doing this for longer; their security reward program started in 2004. Unlike Chrome, they outright disallow bugs in third-party applications, whereas Google will consider them (which in all likelihood I’d wager means would not pay out).

How do I get it?

As in the case of Google, it is necessary to have submitted a sufficiently critical bug, which they define as being rated critical or high. Also, you must not be involved in the bug in any way, that is, have worked on the Firefox core as a developer.

The two programs are very much alike and are likely to help improve the general quality of both projects. People interested in earning a few thousand will likely dig into the browser and start trying to find one of those elusive bugs. Consequently, they will submit bug reports, and these will hopefully be fixed along the way.

So with around $3K on offer for critical bugs in each browser, it would make for a nice summer bonus for someone. Good luck hunting.

