In a world where everything that connects to the Internet is subject to attack, Google has approached the problem with something everyone can relate to – cash. Currently the cash rewards offered to people who discover security flaws within its Chrome browser are between $500 and $15,000. The amount you receive depends on a number of factors, including the severity of the security breach and the total possible number of users any security flaw can affect.
The bug bounty has paid out more than a million and a quarter dollars to discoverers to date. The enormous success of the program has resulted in a steadily shrinking number of security issues being reported with the browser – a total of 700 to date. With this many flaws already known and addressed, the remaining bugs will be harder to find, so Google raised its maximum bounty price to $30,000.
The Dark Side
As always, there is a dark side to the science of discovering security flaws: other people who discover issues can take those ideas to the black market and sell them to interested parties for far more money than Google is offering. The company addresses this issue in its FAQ, appealing to potential illicit discoverers by arguing that taking the lesser of the two monetary options brings other gains, such as matters of conscience and personal notoriety.
This last item draws attention back to the increased reward offerings. It is agreed that Google saves millions by paying individuals to ferret out security issues rather than having to deal with the negative publicity, and the time and cost to fix the bugs. But admitting that there are people out there who would want to profit by far more than the amounts Google is offering up leads one to believe that there are known security issues that have no easy fix. That has the potential to significantly dilute the reputation of the browser’s security despite paying out the aforementioned $1.25 million.
Chrome Is The Giant
The importance of this bug rewards program and the appeal to the less-than-noble among us is significant. According to http://www.w3schools.com, Chrome has about 60 percent of the browser market, with Firefox a distant second at 24.9 percent. If the goal of Google Chrome is monopolization of the browser market, its plan is well underway. If Chrome being the most secure browser on the market is the basis for its success, then any security breach in its browser would have people abandoning it in droves.
Come And Have A Go If You Think You're Hard Enough
Google has taken the rewards program one step further by upping the amount of the reward if the research company can “provide an exploit to demonstrate a specific attack path against our users.” The reward is increased because the ante is upped due to Chrome’s dominating position in the market. No longer is discovering a security bug sufficient. The bigger money lies in how someone would use the specific bug to directly attack the users. The greater the impact, the bigger the hit Google takes financially and with Chrome’s reputation. Being number one is not all profit and glory.
Closing on a positive note, Google’s approach is beneficial to many parties, from the user to the research company pocketing the cash. Presuming there will be upgrades and improvements to Chrome as the years pass, having a knowledgeable and experienced team of bug chasers makes future Chrome versions more secure and stable. The strategy builds on that foundation with the goal of creating a single, safe, and reliable browser for all computer users.