Google rewards the first set of reserachers in their website bug bounty program
Early this year Google announced a bug bounty program for the Chromium browser designed to encourage and reward security researchers for privately disclosing vulnerabilities they find. The program was well received by the community and by the looks of the results, nothing less than a success. At the time of the announcement I half-jokingly poked Google via Twitter to expand the program to include their websites (*.google.com). That way the Web hackers could get in on the action.
I guess Google was listening, or more specifically those managing the bug bounty program, and kudos to them because they did exactly that! Starting last month finding and disclosing a vulnerability (legally) in a google domain nets you somewhere between $500 and $3,133.70. Over the last 30 days several members of our Threat Research Center (TRC) in their spare time jumped into the action.
Yesterday Google posted the first set of individuals who qualified for security rewards -- that is who found serious website vulnerabilities. Of the three dozen people are on the �Google Security Hall of Fame� list five are from WhiteHat Security's TRC.
- Justin Barron
- Michael Cottingham
- Phillip Purviance
- Kyle Osborn
- Matt Evans
