Establishing Digital Trust: Don't Sacrifice Security for Convenience
Google recently announced increases in the rewards it pays out for Chromium vulnerabilities.
"Recently, we’ve seen a significant drop-off in externally reported Chromium security issues," wrote Google software engineer Chris Evans. "This signals to us that bugs are becoming harder to find, as the efforts of the wider community have made Chromium significantly stronger."
"Evans outlined new bonuses that Google will award researchers who report certain kinds of flaws," writes Computerworld's Gregg Keizer. "All the bonuses start at $1,000 but can climb from there. Google will add the bonuses to the base payments -- which range from $500 to $3,133 -- for bugs that are 'particularly exploitable,' found in the more bug-free sections of Chrome's code, and for vulnerabilities that affect more than just the browser."
"The web giant will also continue to provide additional rewards for bugs that are particularly significant," writes ZDNet's Michael Lee.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"Google says examples of some bugs that would be considered significant are flaws in Nvidia, ATI, Intel GPU drivers, high or critical severity vulnerabilities in the respective Windows drivers (demonstrated and triggered from a web pages), submissions on their Chrome OS, particularly those that escape the 'setuid' or 'seccomp BPF' sandbox or local escalation of privilege exploits via the kernel, serious vulnerabilities in IJG libjpeg, which they claim hasn’t happened in a decade, 64-bit exploits, and working browser code execution exploits," writes Threatpost's Brian Donohue.