Following in the footsteps of Mozilla, Google issued a statement yesterday in their Chromium blog that they are implementing a reward system for developers who find bugs in the Google Chrome web browser in an attempt to lure more users in the Chromium community.
While Mozilla offers up to $500 for bug reports, Google will offer a base reward of $500 to anyone who submits an eligible bug. If a user finds a severe or clever bug, Google will pay up $1337 (surely appealing to all of our inner geeks) to the developer who discovers it.
Flaws must be submitted through the Chromium bug tracker, and all submissions will be considered by a panel of engineers. That includes bugs in Chromium, Chrome and plug-ins such as Google Gears.
The statement claims that some of the most interesting security bugs were discovered by third party developers, and that by offering such an incentive system, the browser wil be more secure. This will also be an ongoing program, with no ending deadline. Participating researchers are asked not to publicly reveal the bug prior to reporting to Google: "responsible disclosure is a two-way street and Google admits their job will be to fix the reported issues in a reasonable time frame."
This is definitely a good thing for open source developers, as there are definitely many open source applications which are maintained by people who receive no money for doing so.
25 Comments - Add comment