Re: [Full-disclosure] OT Google raises sploit bounties

[Michal Zalewski <lcamtuf@xxxxxxxxxxx>]

> I would be interested what bounties they would pay
> for operation Аврора or for a botnet of say 1M host.

Reward amounts are public; for example, here are the rules for the web
app program:

http://www.google.com/about/appsecurity/reward-program/

Neither malware on user machines nor attacking employees is within
scope, though: the program is mostly about recognizing original
research into potential design and implementation flaws in our code.

We occasionally decide to extend rewards of some sort to people who
report very interesting or sensitive issues that fall outside the
scope of the existing programs, but we don't offer Microsoft-style
bounties for identifying malware authors, etc.

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/