For 1) a CSO out there wondering if it is wise to spend so many dollars, and 2) a security researcher who wonders if such a program is enough, I can add the organizational budget perspective: 1) Yes, $2M is very reasonable compared to the security value received. You could easily spend way more than that on commercial tools or services for less payback. 2) Before setting up such a program, a well-staffed internal team has to already be in place, because it is better to discover such problems internally and because very skilled people are needed to triage and act on the diverse reports that come in. The cost of that staff is way more than the award program, and hard to recruit. But top reporters are frequently top candidates. Eric Grosse, VP Security & Privacy Engineering, Google
To the same CSO Mr Grosse was talking about: as an end user, I find this model attractive. I makes me feel secure to know goldminers around me indirectly work for my benefit and does have an influence on choosing my email/mobile/IM/cloud provider.
>read about raising reward levels significantly >wait anxiously for the next batch of advisories >20th of august: stable channel update >my face when the median payout is still a measly $1,000 >nothingtodohere.gif
Great Blog!! That was amazing. Your thought processing is wonderful. The way you tell the thing is awesome. You are really a master. it security program
I need help contacting google or finding a forum to solve my issue. I am not receiving my emails. My accounts are dear to me and now they no longer receive 90% of emails. Ive done some checking and the most I can conclude is that goggle is marking me a spam email account??? WHICH I AM NOT!
7 comments :
For 1) a CSO out there wondering if it is wise to spend so many dollars, and 2) a security researcher who wonders if such a program is enough, I can add the organizational budget perspective:
1) Yes, $2M is very reasonable compared to the security value received. You could easily spend way more than that on commercial tools or services for less payback.
2) Before setting up such a program, a well-staffed internal team has to already be in place, because it is better to discover such problems internally and because very skilled people are needed to triage and act on the diverse reports that come in. The cost of that staff is way more than the award program, and hard to recruit. But top reporters are frequently top candidates.
Eric Grosse, VP Security & Privacy Engineering, Google
To the same CSO Mr Grosse was talking about: as an end user, I find this model attractive. I makes me feel secure to know goldminers around me indirectly work for my benefit and does have an influence on choosing my email/mobile/IM/cloud provider.
Thanks guys!
Google Thank You... Innovators Look like the bad guys...
Quite the opposite: The "bad" guys are hiding in the weeds.
>read about raising reward levels significantly
>wait anxiously for the next batch of advisories
>20th of august: stable channel update
>my face when the median payout is still a measly $1,000
>nothingtodohere.gif
Great Blog!! That was amazing. Your thought processing is wonderful. The way you tell the thing is awesome. You are really a master.
it security program
#8217
I need help contacting google or finding a forum to solve my issue.
I am not receiving my emails. My accounts are dear to me and now they no longer receive 90% of emails. Ive done some checking and the most I can conclude is that goggle is marking me a spam email account??? WHICH I AM NOT!
please help me if your out there.
Post a Comment