From InfoWorld: Google has expanded its bug bounty programs to cover the company's official mobile applications, and is seeking to stimulate vulnerability research on particular products by offering money in advance to bug hunters.
The company launched an experimental Vulnerability Research Grants program Friday, through which it will pay researchers to look at specific categories of products regardless of whether this results in any issues being discovered.
Google's existing vulnerability reward programs that pay researchers for individual security flaws found in Chrome or the company's online services have been hailed as a great success. In 2013, the company also launched a program through which it rewards security fixes made in third-party open-source software that's deemed critical for the Internet infrastructure.
"Researchers' efforts through these programs, combined with our own internal security work, make it increasingly difficult to find bugs," Google security engineer Eduardo Vela Nava said Friday in a blog post. "Of course, that's good news, but it can also be discouraging when researchers invest their time and struggle to find issues. With this in mind, today we're rolling out a new, experimental program: Vulnerability Research Grants. These are up-front awards that we will provide to researchers before they ever submit a bug."