Friday, February 10, 2012
Google Expands the Scope of Its Vulnerability Reward Programs to Cover Chromium OS
According to the Google security engineer, the efforts of the wider security community have increased Chromium's stability and robustness. Google has now decided to expand the scope of its Chromium security rewards program in order to also reward researchers who discover high-severity vulnerabilities in Chromium OS, a Linux-based OS built around the browser.
This is an important decision for the company, because Chromium OS has a large code base and much of it was borrowed from Linux and other open source projects. This means that the likelihood of vulnerabilities being discovered in the entire OS is significantly higher than for the Chromium browser.
Google believes that software vendors would benefit from setting up similar security rewards programs. "Over time, these programs can help companies build better relationships with the security research community," Mein said.
"By setting up a rewards program, a vendor can identify vulnerabilities that their own developers might have missed," said Marius Gabriel Avram, a security engineer at U.K.-based vulnerability management firm RandomStorm. "This makes the Internet safer for all users."
During the last couple of years, Avram has reported vulnerabilities in Web services operated by companies like Google, Facebook, Twitter, Microsoft or Mozilla, some of which operate vulnerability reward programs. Without a doubt, such programs improve communication between vendors and security researchers, which in turn helps get security issues addressed quicker, he said.
Full Article: http://www.pcworld.com