I can make many times the maximum reward provided here by weaponizing what I find in the popular projects mentioned, and providing disinformation and bug obfuscation to appear to fix it and take your money as well. Given the fact that a massive portion of bug finders feed directly into the arsenals of nation states and other malicious actors, it would REALLY be doing the world a favor if you paid enough to cause someone who knows about the bugs in this software to come forward about it. Because right now the electronic arms buyers are outbidding you by a dramatic margin.
This is seriously cool and decidedly non-evil! Maybe at later stage you can consider to contribute to bug bounties (e.g. at https://www.bountysource.com/) as well?
10 comments :
This is *awesome*.
This is *awesome*.
Could Google consider extending the program to widely used name server implementations such as nsd and Unbound and IMAP/POP3 implementation Dovecot?
I can make many times the maximum reward provided here by weaponizing what I find in the popular projects mentioned, and providing disinformation and bug obfuscation to appear to fix it and take your money as well. Given the fact that a massive portion of bug finders feed directly into the arsenals of nation states and other malicious actors, it would REALLY be doing the world a favor if you paid enough to cause someone who knows about the bugs in this software to come forward about it. Because right now the electronic arms buyers are outbidding you by a dramatic margin.
What is a vulnerability? We regularly find new bugs. What errors are the vulnerabilities? :)
Errors detected in Open Source projects by the PVS-Studio developers through static analysis: http://www.viva64.com/en/examples/
Awesome. I had a similar idea the other day, but that would have involved sponsor companies putting money into a pool. Good job Google.
Woot! Google taking initiative once again! These sort of fixes are long past due.
thanks for the wonderful blog .
Good job Google.
Adobe Acrobat X Software Download
This is seriously cool and decidedly non-evil! Maybe at later stage you can consider to contribute to bug bounties (e.g. at https://www.bountysource.com/) as well?
hi how about i find a vulnerability . but i dont have a patch(explanation only). is this still valid?
Post a Comment