Google gave a former employee over $12,000 [bostonglobe.com] for discovering a bug that allowed him to purchase and briefly own the "google.com" domain back in September:
Last fall, Sanmay Ved thought he bought the world's most heavily trafficked site for $12, after playing around with a website registration service called Google Domains. He was amazed when his order was verified, his credit card charged, and a confirmation e-mail sent. It was a short-lived triumph. One minute later, another e-mail, telling him his order had been canceled, popped into his inbox.
Now, Google, through a posting on its online security blog [blogspot.com], has revealed the company gave Ved more than $12,000 for pointing out the bug that allowed him to buy the site.
The reward was doubled from $6,006.13 after Sanmay decided to donate the money to charity. Other highlights from Google's Security Reward Program year in review:
We launched [blogspot.com] our Android VRP in June, and by the end of 2015, we had paid more than $200,000 to researchers for their work, including our largest single payment of $37,500 to an Android security researcher.
Last year, we began to provide researchers with Vulnerability Research Grants [google.com], lump sums of money that researchers receive before starting their investigations. The purpose of these grants is to ensure that researchers are rewarded for their hard work, even if they don't find a vulnerability. We've already seen positive results from this program; here's one example. Kamil Histamullin, a researcher from Kasan, Russia, received a VRP grant early last year. Shortly thereafter, he found an issue in YouTube Creator Studio which would have enabled anyone to delete any video from YouTube by simply changing a parameter from the URL. After the issue was reported, our teams quickly fixed it and the researcher was rewarded $5,000 in addition to his initial research grant. Kamil detailed his findings on his personal blog [kamil.hism.ru] in March.
[...] Tomasz Bojarski found 70 bugs on Google in 2015, and was our most prolific researcher of the year. He found a bug in our vulnerability submission form.