Google pays cash to hackers for Web app security flaws

Google is trying to boost security through a program that pays hackers for discovering exploits in its popular Web services

Wanted by Google: Bounty-hunting hackers who can find security vulnerabilities in popular Web apps.

For security researchers who find flaws in Internet services like Gmail, Blogger and YouTube, Google will reward $500 or more per bug. Vulnerabilities that are "severe or unusually clever" pay up to $3,133.70. Optionally, benevolent hackers can also donate their rewards to charity, in which case Google will match the winnings at its discretion.

Bug-hunting researchers will also be credited on Google's security page.

To keep Web services running smoothly, Google is excluding bugs caused by denial of service attacks and search optimization tricks. Technologies recently acquired by Google are also off-limits.

This isn't the first time Google has opened up security research to the masses with cash rewards. In January, the company announced a bounty program for Chromium, the open-source project behind Google's Chrome Web browser, following the lead of Mozilla's Firefox bounty program.

The move to Web apps, however, is an important and logical step for Google. The company is putting a lot of faith in Web apps as the future of computing, as evidenced by the upcoming Chrome OS. If users are going to store more and more sensitive information into online services, those services need to be secure.

In the future, Google may expand the program to client applications such as Android, Picasa and Google desktop. Let's hope that happens soon; analysis firm Coverity recently found 88 high-risk defects in the Android kernel.

Join the CSO newsletter!

Error: Please check your email address.

Tags firewallsonline securityhackersGmailnetwork securityGooglesecurityyoutube

More about GoogleMozilla

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jared Newman

Latest Videos

More videos

Blog Posts