Google Offers Cash For Bugs

Contributing Editor

Google ChromiumIs money a little tight? Is credit crunching you? If you’ve got a little hacking experience, Google is offering $500 for every new security bug you find in Chromium — the open source project behind Chrome OS and the Chrome browser.

Google has recognized that most of the interesting and unusual security bugs are spotted by programmers outside the Chromium project:

Thanks to the collaborative efforts of these people and others, Chromium security is stronger and our users are safer.

The concept of cash for bugs is not new. Mozilla offer a similar bug bounty program for security issues encountered in Firefox, Thunderbird and associated plugins or extensions.

There are several conditions to the Google program:

  1. A panel will assess which security bugs are eligible for the $500 reward. Particularly severe problems may receive an additional bonus.
  2. Only the first person to report an issue in the Chromium bug tracker will be eligible for the reward.
  3. Bugs present in Chromium, Chrome OS, Google Chrome, and extensions shipped with the browser are eligible. Bugs in third-party components such as Webkit will also be considered.
  4. Your identity can be kept secret if you so choose, but rewards cannot be issued to minors or residents of countries where the US has imposed export restrictions.

I think it’s a good idea, although the rewards should be better. Hiring knowledgeable testers is not cheap and the program is likely to find problems which would never be spotted with standard testing procedures. Contributors could spent many days finding an unusual bug only to earn less than the US minimum wage! A higher reward would also provide a greater incentive for system programmers to thoroughly test their own systems.

Wouldn’t it be great if other companies followed suit? If a certain IT giant distributed cash to those finding bugs in its OS or browser, we could all give up the day job and retire!

Read the original Google post about the reward program…

Are you tempted by Google’s bug-hunting offer?

Free book: Jump Start HTML5 Basics

Grab a free copy of one our latest ebooks! Packed with hints and tips on HTML5's most powerful new features.

  • http://www.littrean.com littrean

    “we could all give up the day job and retire!”
    That had me laughing, but it’s so true.

    And I agree, higher rewards would be much more of an incentive. It’s almost as if Google isn’t confident enough to up the stakes.

  • iRapid

    This had to be done for IE, but then they would have to fork out.

  • saunders0

    Twenty years back I was employed by ‘Big Blue’. The major customers were keen to de-bug the latest offering! Maybe the same kudos is sought by today’s users of MS & Google offerings?

    A cash reward or refund of licence fee should be a contractual obligation for all software purchasers discovering a bug. Obviously, only the first report would attract a fee. After, say, a month, without a fix all other reporters should have the option to revoke their licence and receive a full refund.

    It is a pity that Google excludes teenagers; they have the time and the ability to discover bugs and will appreciate the payout more than their salaried seniors. If there are legal limitations on paying minors perhaps the most prolific should be promised ‘work experience’ – paid at least the minimum wage?

    Alan Saunders

  • http://www.optimalworks.net/ Craig Buckler

    @Alan Saunders
    I think there is some legal problem with Google paying children and teenagers. However, the company has stated they can send payment to an adult representing the minor.

    I agree though – more companies should reward clients for finding problems with their software. Even a simple “thank you” is better than nothing.

  • vikrant malhotra

    does BUG in Google Account will also be considered?