Only yesterday I wrote about Mozilla increasing their bug finders reward to $3000, well today Google have followed suit and increased their maximum bug finders reward to $3,133.7o for the most severe bugs researchers find in Chromium.
The sudden change in the rewards by Mozilla and Google has been sparked by some bug researchers saying that they were no longer interested in doing the vendors security work without any monetary reward.
Prominent bug researchers Alex Sotirov, Charlie Miller and Dino Dai Zovi announced their “no more free bugs” campaign, at the CanSecWest conference back in 2009. Saying vendors shouldn’t expect researchers to freely continue finding serious bugs in their software.
Miller said in an interview at the time, referring to the contestants in the Pwn2Own contest at CanSecWest. “For the amount of time he spent to do what he did on IE and Firefox, he could have found and exploited five or 10 Safari bugs. With the way they’re paying $5,000 for every verifiable bug, he could have spent that same time and resources and make $25,000 or $30,000 easily just by going after Safari on Mac.”
Via Threat Post