Google Pays $31,000 for Three Chrome Vulnerabilities
Google is paying bug bounties. This is important: there's a market in vulnerabilities that provides incentives for keeping them secret and exploitable. For Google to buy and patch them makes us all more secure.
The U.S. government should do the same.
Posted on May 1, 2013 at 1:58 PM
Google paying for bug bounties has the main effect of increasing the prices that intelligence agencies, bot herders, and other blackhats pay for 0days. These guys will always buy the best (most exploitable, hardest to fix) vulns. If the vulnerability finders need cash, they can always sell their second-tier vulns to Google. So this will result in more vulnerabilities being fixed before they're exploited, but probably won't affect the high-end trade at all (other than increasing prices).
Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient, an IBM Company.