November 6th, 2010 | Author: iceman | Tags: Blogger, Google, Make Money, Security, YouTube
Google is offering money to anyone who can identify security holes across its web properties, such as Google Search, YouTube, Orkut and Blogger. At this point, the program is limited to web properties only. Google has indicated that in the future the company may include software that runs on users' local machines.
“As well as enabling us to thank regular contributors in a new way, we hope our new program will attract new researchers and the types of reports that help make our users safer,” Google’s security team wrote in its blog.
One could earn $500 for being the first to report a particular bug. Rewards range from $500 to $3,133.70. One could also donate the reward to a charity, and if they did, Google will match the amount. This is subject to Google’s discretion.
The types of bugs Google is looking for include XSRF/CSRF, XSSI (cross-site script inclusion), bypassing authorization codes, and server-side code execution or command injection. Categories that are not considered at this point include attacks against Google’s corporate infrastructure, social engineering and physical attacks, denial-of-service bugs, non-web application vulnerabilities, SEO blackhat moves, vulnerabilities in third-party websites, and bugs in technologies recently acquired by Google.
“It’s difficult to provide a definitive list of vulnerabilities that will be rewarded, however, any serious bug which directly affects the confidentiality or integrity of user data may be in scope,” Google wrote on its blog.
There is a word of warning for would-be prize winners: “Please, only ever target your own account or a test account. Never attempt to access anyone else’s data. Do not engage in any activity that bombards Google services with large numbers of requests or large volumes of data,” Google wrote on its blog.
People from countries on the United States sanctions list (Cuba, Iran, North Korea, Sudan and Syria) are not allowed to enter this program. This program is also not open to minors.
Google further explains that, “This is not a competition, but rather an experimental and discretionary rewards program. You should understand that we can cancel the program at any time, and the decision as to whether or not to pay a reward has to be entirely at our discretion.”
People interested in finding out more about this program should contact the Google Security team through this page.