Chrome Bug Hunters Made Big Money

HardOCP News

Want a part time job that pays $145,000? Start looking for bugs in Google Chrome and you are all set. Heck, one guy made almost $145,000 doing it:

•$60000 to Sergey Glazunov for bug 117226
•$3133.7 to Sergey Glazunov for bug 68666
•$3133.7 to Sergey Glazunov for bug 83275
•$2000 + $500 to Sergey Glazunov for bug 98053
•$2000 + $500 to Sergey Glazunov for bug 99512
•$2000 + $500 to Sergey Glazunov for bug 99750
•$2337 to Sergey Glazunov for bug 93906
•$2337 to Sergey Glazunov for bug 96047
•$2337 to Sergey Glazunov for bug 96885
•$2000 to Sergey Glazunov for bug 93416
•$2000 to Sergey Glazunov for bug 95671
•$2000 to Sergey Glazunov for bug 117550
•$1337 to Sergey Glazunov for bug 35724
•$1337 to Sergey Glazunov for bug 45400
•$1337 to Sergey Glazunov for bug 50553
•$1337 to Sergey Glazunov for bug 65764
•$1337 to Sergey Glazunov for bug 70165
•$1000 + $1000 to Sergey Glazunov for bug 73196
•$1000 + $1000 to Sergey Glazunov for bug 73595
•$1000 + $1000 to Sergey Glazunov for bug 74991
•$1000 + $1000 to Sergey Glazunov for bug 77463
•$1000 + $500 to Sergey Glazunov for bug 73746
•$1000 + $500 to Sergey Glazunov for bug 74562
•$1000 + $500 to Sergey Glazunov for bug 75170
•$1000 + $500 to Sergey Glazunov for bug 79199
•$1000 + $500 to Sergey Glazunov for bug 89520
•$1000 + $500 to Sergey Glazunov for bug 90222
•$1000 + $500 to Sergey Glazunov for bug 91598
•$1000 + $500 to Sergey Glazunov for bug 97451
•$1000 + $500 to Sergey Glazunov for bug 97520
•$1000 + $500 to Sergey Glazunov for bug 97615
•$1000 + $500 to Sergey Glazunov for bug 97784
•$1000 + $500 to Sergey Glazunov for bug 98407
•$1000 to Sergey Glazunov for bug 39985
•$1000 to Sergey Glazunov for bug 39047
•$1000 to Sergey Glazunov for bug 50515
•$1000 to Sergey Glazunov for bug 51835
•$1000 to Sergey Glazunov for bug 48437
•$1000 to Sergey Glazunov for bug 50386
•$1000 to Sergey Glazunov for bug 66560
•$1000 to Sergey Glazunov for bug 68178
•$1000 to Sergey Glazunov for bug 68181
•$1000 to Sergey Glazunov for bug 68558
•$1000 to Sergey Glazunov for bug 65577
•$1000 to Sergey Glazunov for bug 68641
•$1000 to Sergey Glazunov for bug 68263
•$1000 to Sergey Glazunov for bug 68741
•$1000 to Sergey Glazunov for bug 71595
•$1000 to Sergey Glazunov for bug 70442
•$1000 to Sergey Glazunov for bug 73066
•$1000 to Sergey Glazunov for bug 74030
•$1000 to Sergey Glazunov for bug 75801
•$1000 to Sergey Glazunov for bug 83743
•$1000 to Sergey Glazunov for bug 87453
•$500 to Sergey Glazunov for bug 53361.
 
Wow, that's a lot more bugs than I would have expected from a professionally-built software package. It's no wonder Google is turning to outside help since, with a list like that, it can't have any confidence in its own developers. :(
 
Wow, that's a lot more bugs than I would have expected from a professionally-built software package. It's no wonder Google is turning to outside help since, with a list like that, it can't have any confidence in its own developers. :(

....and that's just one dude. :eek:
 
Wow, that's a lot more bugs than I would have expected from a professionally-built software package. It's no wonder Google is turning to outside help since, with a list like that, it can't have any confidence in its own developers. :(

I don't look at it that way. It's called this guy makes a living by breaking software and finding holes. He'll do things that the devs would never think of.

I'm more interested in what the bugs really are. Are they "bugs" or are they security holes?

One of Mr. Glazunov's bugs was worth $60,000 but I can't view that bug (403 error). The guy below him has a $60K winner as well and while it says it has to do with pre-rendering when you click into the link to get into the meat of the bug you aren't allowed to see it.

I'd love to be able to see the $60K bug versus a $500 bug.
 
I don't look at it that way. It's called this guy makes a living by breaking software and finding holes. He'll do things that the devs would never think of.

Exactly, the bugs are there because the dev couldn't see it in the first place. It's a smart move to actually get some other minds to hunt for the bugs instead.

It's got nothing to do with trusting the dev's ability, it's simply getting different people who think differently to increase the chances of discovering an obscure bug.
 
Wow, now THAT is the way to keep your application awesome! I can imagine if they were crappy $25 per bug/security hole, there wouldn't be much interest. But those are really great incentives!
 
Also, think of it like this: Google is buying 0-day exploits instead of letting that info get into the hands of black hats and nefarious organizations.
 
Also, think of it like this: Google is buying 0-day exploits instead of letting that info get into the hands of black hats and nefarious organizations.
Very true... Where else do you get PAID for your exploits?
 
I don't look at it that way. It's called this guy makes a living by breaking software and finding holes. He'll do things that the devs would never think of.

I'm more interested in what the bugs really are. Are they "bugs" or are they security holes?

One of Mr. Glazunov's bugs was worth $60,000 but I can't view that bug (403 error). The guy below him has a $60K winner as well and while it says it has to do with pre-rendering when you click into the link to get into the meat of the bug you aren't allowed to see it.

I'd love to be able to see the $60K bug versus a $500 bug.

I guess that's a good point. I'm just surprised that there are such a large number of ways to exploit the browser. Of course, I'm sure it's just as bad with other software products (Adobe?) but when you see them all stacked together, it's pretty shocking.
 
Wow, that's a lot more bugs than I would have expected from a professionally-built software package. It's no wonder Google is turning to outside help since, with a list like that, it can't have any confidence in its own developers. :(

It's good that they are doing this and more companies should do the same. Google isn't 'special' in the number of bugs, it's just they are more transparent with them. Unreported bugs are still bugs. This is good for users, good for Google, and good for the guy that finds them, more companies should follow suit.
 
Wow, that's a lot more bugs than I would have expected from a professionally-built software package. It's no wonder Google is turning to outside help since, with a list like that, it can't have any confidence in its own developers. :(

I can only assume you aren't a developer and are thus very, very naive. That list is *tiny*
 
Just another reason why I like Chrome over exploder
Interesting. Where can I find this "exploder" product?

If you pay them...they will find them.
Yup!

Exactly, the bugs are there because the dev couldn't see it in the first place. It's a smart move to actually get some other minds to hunt for the bugs instead.

It's got nothing to do with trusting the dev's ability, it's simply getting different people who think differently to increase the chances of discovering an obscure bug.
This, all day. Programming is not as simple as a lot of people seem to think.
 
Sometimes you can't see the forest for the trees and vice versa.

It does seem kind of weird to give a 60k cheque for one bug though (as opposed to hiring a bughunter for a year?)
 
It does seem kind of weird to give a 60k cheque for one bug though (as opposed to hiring a bughunter for a year?)

I'm sure Google realizes their current method is much better. If you pay per bug, then that is what you will receive. If you hire someone and pay them to show up hoping that they find bugs, aside from showing up who knows what you'll get.

Plus it's not like every bug was found by one guy, thus leaving it open like this ensures that many eyes will remain on task hoping to produce so they can cash in.
 