LinkBack URL
About LinkBacksThe tech giant announced that it was going to pay people discovering bugs in its Android devices up to $40,000. This will be the first extension of its bug bounty program to Google’s mobile OS.
Google also launched a new program to make sure that 3rd-party software on the Android OS is secure – this will be done by urging developers to stop using outdated programming libraries in their applications.
According to Google, most security research is still focused on legacy systems, which the company is trying to move by encouraging security researchers to focus their energy on mobile. This is how Android Security Rewards was launched, aimed to follow the success of a similar program for Chrome web browser. Last year, Google paid out over $1.5m to security researchers.
Under the program, developers can claim the “bug bounty” by showing vulnerabilities affecting Google’s Nexus 6 and Nexus 9. Due to the fragmentation of the Android market, the company is not able to verify whether the bugs affecting other Android devices are the fault of Android or manufacturer additions. The rewards vary from $500 for just detecting a minor bug up to $38,000 for a serious flaw presented alongside a proof-of-concept remote exploit and a patch to fix the bug.
Another Google security program called Project Zero resulted in a minor amount of controversy due to its practice of releasing proof-of-concept exploits for other companies’ gadgets. Project Zero aims to detect flaws that were previously unknown and then disclose them to manufacturers, providing the latter with a 90-day time limit to fix them. In case the manufacturer fails to issue a fix, the group just discloses the vulnerability to everyone in order to spur companies into speeding up their security patches.
However, it should be noted that Google practices what it preaches: its representatives confirmed that Android vulnerabilities are also sought out by Project Zero. They had to clarify that if Project Zero identifies a bug, Google is given a deadline and has a right to operate within that deadline, just like everyone else. The tech giant pointed out that it hasn’t yet missed a deadline. The company “absolutely believes” in making manufacturers respond quickly.
Torrent Invites! Buy, Trade, Sell Or Find Free Invites, For EVERY Private Tracker! HDBits.org, BTN, PTP, MTV, Empornium, Orpheus, Bibliotik, RED, IPT, TL, PHD etc!
Results 1 to 1 of 1
-
06-23-2015 #1Extreme User
- Reputation Points
- 42493
- Reputation Power
- 100
- Join Date
- May 2014
- Posts
- 7,971
- Time Online
- 87 d 5 h 16 m
- Avg. Time Online
- 34 m
- Mentioned
- 576 Post(s)
- Quoted
- 180 Post(s)
- Liked
- 4129 times
- Feedbacks
- 173 (100%)
Google Will Pay for Detecting Android Bugs
Reply With Quote
