lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 29 Jan 2010 09:49:03 +0100
From: Berend-Jan Wever <berendjanwever@...il.com>
To: Full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Google offers up to $1337 for select Chromium
	vulnerabilities

http://blog.chromium.org/2010/01/encouraging-more-chromium-security.html

<quote>
*"Today, we are introducing an experimental new incentive for external
researchers to participate. We will be rewarding select interesting and
original vulnerabilities reported to us by the security research community.
For existing contributors to Chromium security — who would likely continue
to contribute regardless — this may be seen as a token of our appreciation.
In addition, we are hoping that the introduction of this program will
encourage new individuals to participate in Chromium security. The more
people involved in scrutinizing Chromium's code and behavior, the more
secure our millions of users will be.

Such a concept is not new; we'd like to give serious kudos to the folks at
Mozilla for their long-running and successful vulnerability reward program.

Any bug filed through the Chromium bug tracker (under the template "Security
Bug") will qualify for consideration."*
</quote>

Note that this does not mean that *all** *bugs reported as vulnerabilities
get rewarded:

<quote>
*"**Q) What bugs are eligible?*
*A) Any security bug may be considered. We will typically focus on **High
and Critical impact
bugs*<http://dev.chromium.org/developers/severity-guidelines>
*, but any clever vulnerability at any severity might get a reward.
Obviously, your bug won't be eligible if you worked on the code or review in
the area in question."*
</quote>

Cheers,

SkyLined

Berend-Jan Wever <berendjanwever@...il.com>
http://skypher.com/SkyLined

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ