Don’t be surprised if any security researchers you know start canceling meetings and spending more lunches at their computers. Google’s set out to attract their attention by increasing the maximum reward for finding a Chrome bug to $3,113.70.
The maximum reward used to be $1,337.00, meaning the change works out to a 233 percent increase. Also, in terms of the play on words Google’s trying to make, the change means altering the nature of the prize from "leet" to "eleet."
Of course, Google’s not just handing out the money. A post on the Chromium Blog informed researchers, "We will most likely use this amout [sic] for SecSeverity-Critical bugs in Chromium. The increased reward reflects the fact that the sandbox makes it harder to find bugs of this severity." (A side note: too bad there aren’t rewards for finding typos.)
But the post then noted, "Whilst the base reward for less serious bugs remains at $500, the panel will consider rewarding more for high-quality bug reports. Factors indicating a high-quality bug report might include a careful test case reduction, an accurate analysis of root cause, or productive discussion towards resolution."
So again, it looks like security experts have a strong incentive to do a little work for Google.
That could pay off if Chrome’s reputation improves to the point it’s able to draw significantly more users away from Internet Explorer and Firefox.