Google Doubles Bug Bounty on Chromebook -- Redmond Channel Partner

Bekker's Blog by Scott Bekker, Editor in Chief

Google Doubles Bug Bounty on Chromebook

Google is doubling its bug bounty for Google Chromebook.

Once controversial, bounty programs reward security researchers for reporting the vulnerabilities they find to the vendor rather than publishing the flaws publicly, exploiting the vulnerabilities themselves or selling them on the black market.

Google has been offering bounties since 2010, and currently calls its overall program the Google Security Reward Program. In total, the program has paid out more than $6 million since 2010, and Google disbursed $2 million last year.

However, the sub-program targeted at Google Chromebook, the Chrome Reward Program, hasn't turned up much yet in its top category, so Google is ratcheting that bounty up from $50,000 to $100,000.

"Last year we introduced a $50,000 reward for the persistent compromise of a Chromebook in guest mode. Since we introduced the $50,000 reward, we haven't had a successful submission. That said, great research deserves great awards, so we're putting up a standing six-figure sum, available all year round with no quotas and no maximum reward pool," Google said in a blog post credited to "Chrome Defender" Nathan Parker and "Hacker Philanthropist" Tim Willis.

Google Chromebook has relatively low market share, which historically has lulled vendors into a false sense of confidence about the security of the product. Like app developers who ignore Windows Phone to chase the much bigger addressable markets of the Apple App Store and Google Play, black-hat and white-hat security researchers have traditionally invested most of their time in the dominant Windows desktop OS platform.

With Chromebooks accounting for just 2.8 percent of all PCs shipped worldwide through the first three-quarters of 2015, according to IDC, Google could be enjoying that security-through-obscurity cloak.

That share is way up from Google's 2014 mark of 1.9 percent of all PCs shipped, and Google is starting to take over a vital vertical sector in the U.S. market -- K-12 education. According to a December report by Futuresource Consulting, Google Chromebooks, with their low prices, manageability and perceived security, accounted for 51 percent market share in that education market. That's a similar route to the one Apple used to achieve much wider relevance in the PC market.

Google is smart to use a small part of its cash hoard to give security researchers a much stronger incentive to really kick the tires on Google Chromebook just in case it breaks out to a much wider market share. Better to deal with major flaws when the market share is relatively tiny than to discover them later when millions or tens of millions of users are at risk.

Posted by Scott Bekker on March 16, 2016

Free Webcast! Learn about Password Management Best Practices

Featured

The 2024 Microsoft Product Roadmap

Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.
Microsoft Makes AI Push in London and Japan with Strategic Investments

Looking to further the global reach of its aggressive AI push, Microsoft made a couple of announcements this week focused on overseas initiatives and investments.
Top SMB Threats Include Ransomware and Windows Server 2012: Report

Managed services providers that support SMBs have their hands full this year: The constellation of threats targeting their customer base is more varied and harder to detect than ever.
2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

RCP Update

Email Address*Country*

Please type the letters/numbers you see above.

Bekker's Blog by Scott Bekker, Editor in Chief

Google Doubles Bug Bounty on Chromebook

Featured

The 2024 Microsoft Product Roadmap

Microsoft Makes AI Push in London and Japan with Strategic Investments

Top SMB Threats Include Ransomware and Windows Server 2012: Report

2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

The 2024 Microsoft Product Roadmap

Microsoft Names Head of New Consumer AI Division

The Most Important Document for Partners To Read Now: CSF 2.0

Microsoft Deepens Partner Program with New Designations, More Perks

2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

The 2024 Microsoft Product Roadmap

Microsoft Names Head of New Consumer AI Division

The Most Important Document for Partners To Read Now: CSF 2.0

Microsoft Deepens Partner Program with New Designations, More Perks

Partner Guides

Partner's Guide to the Windows Server 2008 Deadline

Partner's Guide to Office 365 Security Costs

Partner's Guide to UCaaS

Partner's Guide to Starter Workloads in Azure

Partner's Guide to Microsoft's Fiscal Year 2019

FREE WEBCASTS FROM OUR SPONSORS

Coffee Talk: Phishing Awareness Training 101 for Partners

Security Essentials: Empowering MSPs with Datto’s Integrated Solutions

Coffee Talk: Endpoint Security 101: Threats & Strategies SMB Partners Need to Know

Automated Intelligence: Simplifying M365 Governance for MSPs

FREE WHITE PAPERS FROM OUR SPONSORS

A guide to zero trust for MSPs

Microsoft CSP Guide

10 Reasons to Bundle Security with your Managed Services

Battling Business Email Compromise