February 2, 2010 – In a bit of news that seems to have slipped under the radar, the Google Chrome Security Team announced, via The Chromium Blog, that an incentive program has been established to solicit and encourage the assistance of external researchers in the continuous improvement of the Google Chromium browser. What is the goal? They hope to identify potential security problems that may exist in current versions of the company’s flagship browser, known as Chromium, and correct them for future releases. According to Chris Evans, of Google Chrome Security, a number of previously fixed bugs have been identified and submitted by third-parties. In the January 28, 2010 post, Evans writes, “Thanks to the collaborative efforts of these people and others, Chromium security is stronger and our users are safer.”
Based on the potential benefit of external assistance, Google will offer rewards starting at $500, for the identification and submission of bugs to the company’s team. Qualifying bugs are those that exist in Google Chrome, Google Chromium, and plugins that are included by default. Excluded from the program are bugs that stem from third-party plugins, extensions, and applications, as well as those stemming from a non-Google operating system. In the case of reports from multiple sources, rewards will be given to the submitter with the earliest date and time of submission. Potential bugs must be submitted through the Chromium Bug Tracker page and using the “Security Bug” template. In addition to highlighting the incentive program, Evans also indicated that the company is looking to hire a permanent Information Security Engineer to work with the Google Chrome project.
Though Google is not the first to offer incentives for the identification of software and operating system bugs, the initiative should still be applauded, since it is aimed at providing a more secure and stable operating environment for computer users around the world. Hopefully, those with the “know-how” will receive the word (feel free to share this article forward), spend some time making computing more secure, and make a few dollars in return. For complete details on the program visit The Chromium Blog.
