$2.674 from Google for a solar plant in Tanzania

In January 2015, Google launched an experimental program called Vulnerability Research Grants to complement the long-running Vulnerability Reward Program, with the goal of rewarding security researchers who verify the security of Google products and services, even in the case when no vulnerabilities are found. As a regular reporter to the
XSS bei Google - insgesamt $4600 für Schulen in Afrika

XSS bei Google - insgesamt $4600 für Schulen in Afrika

English version Vor zwei Jahren startete Google sein Vulnerability Reward Program und bezahlt seitdem Findern sicherheitsrelevanter Fehler in seinen Web-Anwendungen Belohnungen. In Summe wurden bisher $704.909,50 (Stand Dez. 2012) ausbezahlt. Obwohl Google bei Spenden den eigentlichen Reward verdoppelt, wurden bisher lediglich $25.825 (Quelle S.42) an gemeinnützige
News about Google's Vulnerability Reward Program

News about Google's Vulnerability Reward Program

Recently Adam Mein spoke at AppSec USA 2012 and Kevin Stadmeyer at SysScan 360 in Beijing about Google's experience with the Web Vulnerability Reward Program. Both are Security Program Manager at Google. 31 October 2011 - Bug Bounty Panel with Adam Mein at OWASP AppSec 2012 (Video, Transcript) 13 December

Google's "0x0A List"

I'm very excited, because the Google Security Team has launched new Application Security pages, including a new Hall of Fame called 0x0A list. Now all related security informations are bundled to a central page. The table below lists the top 10 superstar perform,er since Google launched the vulnerability reward

Cross-Site-Scripting in Google Mail

In the last months I found several XSS vulnerabilities in Google's Gmail. All bugs are now fixed in a very short time. Currently Gmail has around 350 Mio. users and it's clear that Google taking a lot of efforts to protect their users. Safebrowsing Google's Security Tools 2-Step-Verification Vulnerability Reward

Ethiopia gets a new school - thanks to a XSS in Google+

Update 04/29/12: This blog post leads to a persistent XSS bug within InformationWeek.com  (screenshot), because Charlie Miller has tweeted about it. :-)   Update 05/02/12: InformationWeek has fixed the issue. I contribute to the Google Vulnerability Reward Program since November 2010 now and I found a