To entice security researchers to look for holes in the Chrome browser, Google has announced it will pay $500 for bugs found in the code. But several experts say that’s not enough money to motivate skilled vulnerability researchers.
“I think it’s ridiculous,” Charlie Miller, a senior security researcher at Independent Security Evaluators, said when asked Monday for his opinion of Google’s new bug bounty program. “It’s insulting. It’s so low.”
Under Google’s new “experimental” incentive program, announced last week, people will get paid $500 for select interesting and original security vulnerabilities discovered in Chrome, or $1,337 for particularly severe or clever bugs. The latter figure refers to the geek term for elite, or “leet,” which can be spelled out using those digits.
Mozilla pays $500 to researchers who find valid security bugs in the Firefox browser, the Thunderbird e-mail client, or the Mozilla suite.