+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Google Buys Secret Chrome Vulnerabilities From College Research Associate For $31,000

May 2, 2013, 02:34 IST

The world of computer software vulnerabilities and exploits is a lucrative one.

Advertisement

So found Ralf-Philipp Weinmann, a research associate at the University of Luxembourg's Interdisciplinary Centre for Security, Reliability and Trust, when he reported three Chrome vulnerabilities to Google's "bug bounty" program.

Gregg Keizer of Computer World, who noticed the record $31,336 payout on Google's blog, notes that "All three of the vulnerabilities were labeled 'High,' the second-most-serious ranking in Chrome's four-step scoring system."

He also notes that there are usually two responses from IT professionals who find exploits: contact the company and possibly get a reward — or go public with the vulnerability.

Those who go public say they do so to make these companies more honest and more motivated to find the exploits on their own.

Advertisement

Yet publicizing these exploits can lead to stiff penalties: Andrew 'Weev' Auernheimer is currently serving a two-year sentence for turning over the details of an AT&T exploit to a Gawker reporter.

There's an darker side too, of shadowy corporations and mercenary hackers around the globe who sell exploits to organizations that may or may not be engaged in malevolent operations.

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article