One year Google web vulnerability research

Adam Mein from the Google Security Team shared today some stats from the VRP of the last 12 months. The facts about one year VRP: $429.000 paid to around 200 researcher for 750qualifying bugs. Roughly half of the bugs that received a reward were discovered in software written by

XSS on Google.com

I found yesterday a persistent XSS on http://www.google.com. Google Security filled a bug after 32 minutes. I will provide more informations about the bug after a fix is released. Very short response times are the normal case for Google's Security Team. Timeline Initial Report: 24. June 2011,

Google Drive Rumors

Today we can find several signs that Google Drive is arriving in the next weeks. I'v found some hints about Google Drive on docs.google.com in a javascript file: cg="My Google Drive" lma="Remove from My Google Drive" qma="Restore to My Google Drive" lba=" items haved been