Bounty offerings for security bugs keep growing. Google is now just 10x behind both Microsoft and Mozilla on vulnerability rewards, and not 15x as before:https://security.googleblog.com/2019/07/bigger-rewards-for-security-bugs.html …
-
-
It’s cool that you are trying to help, but the team will have to explain half of the chromium bug tracker in that manner: https://www.google.com/search?q=%22reward-500%22+site:bugs.chromium.org … Heap overflows in PDFium, Skia, UaF in Webcore on N search pages. How am I supposed to be motivated to report browser bugs to G’s VRP?
-
Ah, I can explain those ones, the new rewards only started recently, and weren't applied retroactively. I think this is also true of Mozilla's program - they had a $500 program for years and didn't retroactively reissue old rewards.
- 3 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
