Bekker's Blog by Scott Bekker, Editor in Chief

Blog archive

Google Doubles Bug Bounty on Chromebook

Google is doubling its bug bounty for Google Chromebook.

Once controversial, bounty programs reward security researchers for reporting the vulnerabilities they find to the vendor rather than publishing the flaws publicly, exploiting the vulnerabilities themselves or selling them on the black market.

Google has been offering bounties since 2010, and currently calls its overall program the Google Security Reward Program. In total, the program has paid out more than $6 million since 2010, and Google disbursed $2 million last year.

However, the sub-program targeted at Google Chromebook, the Chrome Reward Program, hasn't turned up much yet in its top category, so Google is ratcheting that bounty up from $50,000 to $100,000.

"Last year we introduced a $50,000 reward for the persistent compromise of a Chromebook in guest mode. Since we introduced the $50,000 reward, we haven't had a successful submission. That said, great research deserves great awards, so we're putting up a standing six-figure sum, available all year round with no quotas and no maximum reward pool," Google said in a blog post credited to "Chrome Defender" Nathan Parker and "Hacker Philanthropist" Tim Willis.

Google Chromebook has relatively low market share, which historically has lulled vendors into a false sense of confidence about the security of the product. Like app developers who ignore Windows Phone to chase the much bigger addressable markets of the Apple App Store and Google Play, black-hat and white-hat security researchers have traditionally invested most of their time in the dominant Windows desktop OS platform.

With Chromebooks accounting for just 2.8 percent of all PCs shipped worldwide through the first three-quarters of 2015, according to IDC, Google could be enjoying that security-through-obscurity cloak.

That share is way up from Google's 2014 mark of 1.9 percent of all PCs shipped, and Google is starting to take over a vital vertical sector in the U.S. market -- K-12 education. According to a December report by Futuresource Consulting, Google Chromebooks, with their low prices, manageability and perceived security, accounted for 51 percent market share in that education market. That's a similar route to the one Apple used to achieve much wider relevance in the PC market.

Google is smart to use a small part of its cash hoard to give security researchers a much stronger incentive to really kick the tires on Google Chromebook just in case it breaks out to a much wider market share. Better to deal with major flaws when the market share is relatively tiny than to discover them later when millions or tens of millions of users are at risk.

Posted by Scott Bekker on March 16, 2016


Featured

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Google To Acquire Cloud Startup Wiz for $32 Billion

    Google has announced a pending agreement to acquire Wiz Inc., a cloud security platform, in an all-cash deal worth $32 billion.

  • FTC Expands Microsoft Antitrust Investigation Under Trump Administration

    The Federal Trade Commission (FTC) is pressing ahead with a broad investigation into Microsoft's business practices, an inquiry that began in the final weeks of the Biden administration.

  • Microsoft to Shut Down Skype Services

    Microsoft will discontinue its Skype telecommunications and video calling services on May 5, 2025, marking the end of the platform's decades-long run.

Most   Popular