Salted Hash — IT security news
About this Blog:
IT security news analysis, over easy!
Why Boba Fett would work for Google
In the Star Wars universe, Boba Fett is the faceless, cold bounty hunter who hauled Han Solo's carbonite-encased behind to Jabba the Hutt. In the real world, if Boba were a vulnerability hunter, he might find in Google a better-paying client than the big slug.
My colleague Gregg Keizer reported this morning that Google just paid a bug hunter $3,133 for reporting a single flaw in Chrome. From his article:
Google patched 16 vulnerabilities in Chrome on Thursday, paying one researcher a record $3,133 for reporting a single bug. The flaws fixed in Chrome 8.0.552.334 were in several components, including the browser's support for extensions, its built-in PDF viewer, and CSS (cascade style sheet) processing.
Thirteen of the bugs were labeled as "high" threats, Google's second-most-serious rating, and two were pegged "medium." Only one was tagged as "critical."
As it always does, Google locked its bug tracking database to bar outsiders from reading the technical details of the just-patched vulnerabilities. The company usually opens access to a flaw later -- sometimes within weeks, often only after months -- to give users time to update before the information goes public.
Researcher Sergey Glazunov was credited with reporting the single critical vulnerability, described by Google as a "stale pointer in speech handling." A "stale pointer" is a bug in an application's memory allocation code.
Glazunov was the first researcher to take home Google's biggest bounty.
"We're delighted to offer our first 'elite' $3133.7 Chromium Security Reward to Sergey Glazunov," said Jason Kersey, a Chrome program manager, in a post to Chrome release blog .
Last July, Google raised its top dollar payout from $1,337 to $3,133, making the move less than a week after rival Mozilla boosted Firefox bug bounties to $3,000.
I give Google a lot of credit for doing this. It shows the search giant isn't afraid to expose their own warts and then burn 'em off in front of everyone.
It shows they learned from the mistakes Microsoft made early last decade. In fact, though Microsoft does an excellent job at security today, it still slips up over bug finds, as I mentioned last week.
If Jabba the Hutt were for real, I bet he wouldn't pay as much for flaws in his own software.
--Bill Brenner
My colleague Gregg Keizer reported this morning that Google just paid a bug hunter $3,133 for reporting a single flaw in Chrome. From his article:
Google patched 16 vulnerabilities in Chrome on Thursday, paying one researcher a record $3,133 for reporting a single bug. The flaws fixed in Chrome 8.0.552.334 were in several components, including the browser's support for extensions, its built-in PDF viewer, and CSS (cascade style sheet) processing.
Thirteen of the bugs were labeled as "high" threats, Google's second-most-serious rating, and two were pegged "medium." Only one was tagged as "critical."
As it always does, Google locked its bug tracking database to bar outsiders from reading the technical details of the just-patched vulnerabilities. The company usually opens access to a flaw later -- sometimes within weeks, often only after months -- to give users time to update before the information goes public.
Researcher Sergey Glazunov was credited with reporting the single critical vulnerability, described by Google as a "stale pointer in speech handling." A "stale pointer" is a bug in an application's memory allocation code.
Glazunov was the first researcher to take home Google's biggest bounty.
"We're delighted to offer our first 'elite' $3133.7 Chromium Security Reward to Sergey Glazunov," said Jason Kersey, a Chrome program manager, in a post to Chrome release blog .
Last July, Google raised its top dollar payout from $1,337 to $3,133, making the move less than a week after rival Mozilla boosted Firefox bug bounties to $3,000.
I give Google a lot of credit for doing this. It shows the search giant isn't afraid to expose their own warts and then burn 'em off in front of everyone.
It shows they learned from the mistakes Microsoft made early last decade. In fact, though Microsoft does an excellent job at security today, it still slips up over bug finds, as I mentioned last week.
If Jabba the Hutt were for real, I bet he wouldn't pay as much for flaws in his own software.
--Bill Brenner
WEBCAST
Transition Confidently to the Cloud
Thanks to cloud computing, your business data is everywhere and being accessed by everyone. Making the wrong decision to protect your data can result in high costs, increased risk and executive exposure. View this live webinar on cloud security and the evolving data center, and learn why a data-centric approach to security is the best bet for today's virtual environment.
WHITE PAPER
Magic Quadrant for Enterprise Information Archiving
Gartner evaluates vendors offering products and services that provide archiving for email, files and other content types.
Recent Comments
Webcasts
White Papers
