Google Extends Security Reward Program




Google Extends Security Reward Program - Earlier this year I wrote a story about the enigmatic world of cybersecurity, where ”white hat” hackers work with corporations to find flaws in computer systems, in the hope of fending off “black hat” hackers who try to take advantage of these vulnerabilities.


http://graphics8.nytimes.com/images/2010/11/01/technology/bits-hackergoogle/bits-hackergoogle-blogSpan.jpg
At the Black Hat security conference in Las Vegas in July


In the article I discussed how some companies threaten legal action against hackers who try to penetrate their computer systems or software — even if the programmers’ goal is to protect users. In contrast there are companies that work closely with hackers, even paying and rewarding them when they find flaws in a system.

On Monday Google said that an existing program promoting security for the company’s open-source Chromium project has been so successful that it is now extending it to Google Web applications.

The new reward system will offer financial compensation to hackers and security researchers who find flaws in products like Google, YouTube, Blogger and Orkut, the company’s social network.

The amount of compensation will depend on the severity of the security breach.

In a company blog post, the Google Security Team said the base reward for finding a bug starts at $500, while “unusually clever” or severe flaws can be rewarded as much as $3,133.70. The amount will be decided by a panel of Google security experts.

The company also acknowledges that some researchers are not compelled by money, but enjoy the recognition that comes with finding a security flaw. In such instances, these researchers will be thanked publicly on a section of the Web site titled “We Thank You.”

Not everyone gets to play hacker for Google. The company makes a point of noting that people in countries sanctioned by the United States, which include Cuba, Iran, North Korea, Sudan and Syria, are not eligible to receive rewards for hacking Google products. ( nytimes.com )



No comments: