|
 At first blush, it would seem I’d be ideally suited for a job “breaking” Google. After all, I am a breaker of many things: dishes, glassware, lawn furniture, toys, eyeglasses, electronics, expensive pottery…the list goes on. While I could certainly use the $150,000 the tech giant offers to anyone willing to take on the task of breaking them, so to speak, it seems that Google isn’t in search of my variety of clumsiness. They are, instead, in search of someone much more sophisticated and adept than the bumbling antics I bring to the table.
Since 2010, Google has been paying folks to “break” stuff as part of their Chrome Vulnerability Rewards Program. Since its inception, the program has paid out in excess of $5 million to those who were able to locate security holes in Google code. However, Google is now offering a maximum individual payout of $150,000 for users who find security holes in Google code. This is in addition to a raise for those submitting high quality reports and baseline reports of Google code vulnerabilities.
The reward, or bug bounty, as it’s called, for high-quality reports has increased, moving from $15,000 to $30,000 while baseline reports have tripled to $15,000. To distinguish between the two types of reports, baseline reports only require a minimized test and no need to establish that exploitation is possible, whereas a high quality report requires a minimized test case, analysis determining root cause, a recommended patch and evidence that exploitation is likely.
Since its inception, the program has received a total of 8,500 reports.
And that number can expect to jump once I figure out how to compose, at the very least, a baseline report….
| 
Re: Google Paying People to Break Their "Stuff"
