
List:       full-disclosure
Subject:    [Full-disclosure] Google offers up to $1337 for select Chromium
From:       Berend-Jan Wever <berendjanwever () gmail ! com>
Date:       2010-01-29 8:49:03
Message-ID: 3fa2f5bb1001290049s3045d055nc03bfa0fb6159998 () mail ! gmail ! com

http://blog.chromium.org/2010/01/encouraging-more-chromium-security.html

<quote>
*"Today, we are introducing an experimental new incentive for external
researchers to participate. We will be rewarding select interesting and
original vulnerabilities reported to us by the security research community.
For existing contributors to Chromium security — who would likely continue
to contribute regardless — this may be seen as a token of our appreciation.
In addition, we are hoping that the introduction of this program will
encourage new individuals to participate in Chromium security. The more
people involved in scrutinizing Chromium's code and behavior, the more
secure our millions of users will be.

Such a concept is not new; we'd like to give serious kudos to the folks at
Mozilla for their long-running and successful vulnerability reward program.

Any bug filed through the Chromium bug tracker (under the template "Security
Bug") will qualify for consideration."*
</quote>

Note that this does not mean that *all* bugs reported as vulnerabilities
get rewarded:

<quote>
*"Q) What bugs are eligible?*
*A) Any security bug may be considered. We will typically focus on High
and Critical impact bugs
<http://dev.chromium.org/developers/severity-guidelines>, but any clever
vulnerability at any severity might get a reward. Obviously, your bug won't
be eligible if you worked on the code or review in the area in question."*
</quote>

Cheers,

SkyLined

Berend-Jan Wever <berendjanwever@gmail.com>
http://skypher.com/SkyLined

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
