Google offers web app bug-bounty

Summary:Google will start to pay researchers for flaws found in Google web applications, the company has announced.Google will pay between $500 (£300) and $3,133.

Google will start to pay researchers for flaws found in Google web applications, the company has announced.

Google will pay between $500 (£300) and $3,133.70 for qualifying bugs, the Google security team said in a blog post on Monday.

Flaws that could lead to the disclosure of sensitive data in sites such as Google, YouTube, Blogger, and Orkut could be liable for reward, said Google. Researchers should not launch denial of service or other attacks against Google infrastructure, said the company.

"Please, only ever target your own account or a test account," said the blog post. "Never attempt to access anyone else's data. Do not engage in any activity that bombards Google services with large numbers of requests or large volumes of data."

Researchers from Cuba, Iran, North Korea, Sudan and Syria will not be paid for any disclosures, as the countries are part of US sanctions lists, said Google.

The initiative follows the launch of a similar payment system Google launched for the disclosure of flaws in the Chromium web browser in January.

Security company F-Secure said in a blog post on Monday that Google's Android mobile operating system was not included in the bug-bounty programme.

"The program only covers Google's web-based properties so far, so any enterprising researchers looking for bugs in the shiny new target of the year — i.e., Android — won't get paid for it," said the company. "Still, Google has left the door open for later expansion of the program, so who knows."

Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.