In January 2015, Google launched an experimental program called Vulnerability Research Grants to complement the long-running Vulnerability Reward Program, with the goal of rewarding security researchers who verify the security of Google products and services, even in the case when no vulnerabilities are found.
As a regular reporter to the
Two years ago, Google started its Vulnerability Reward Program and has since paid rewards to those who find security-relevant bugs in its web applications. In total, $704,909.50 has been paid out so far (as of Dec. 2012). Although Google doubles the actual reward when it is donated, so far only $25,825 (source, p. 42) has been donated to charitable
Recently Adam Mein spoke at AppSec USA 2012 and Kevin Stadmeyer at SysScan 360 in Beijing about Google's experience with the Web Vulnerability Reward Program. Both are Security Program Managers at Google.
* 31 October 2011 - Bug Bounty Panel with Adam Mein at OWASP AppSec 2012 (Video, Transcript)
* 13 December
I'm very excited, because the Google Security Team has launched new Application Security pages, including a new Hall of Fame called 0x0A list.
Now all related security information is bundled on a central page.
The table below lists the top 10 superstar performers since Google launched the vulnerability reward
In the last few months I found several XSS vulnerabilities in Google's Gmail. All bugs have now been fixed, within a very short time. Currently Gmail has around 350 million users, and it's clear that Google is making a lot of effort to protect its users.
* Safebrowsing
* Google's Security Tools
* 2-Step-Verification
* Vulnerability Reward
Update 04/29/12: This blog post leads to a persistent XSS bug within InformationWeek.com
(screenshot), because Charlie Miller has tweeted about it. :-)
Update 05/02/12: InformationWeek has fixed the issue.
I have been contributing to the Google Vulnerability Reward Program since November 2010 and I found a