Bekker's Blog

Google Doubles Bug Bounty on Chromebook

Google is doubling its bug bounty for Google Chromebook.

Once controversial, bounty programs reward security researchers for reporting the vulnerabilities they find to the vendor rather than publishing the flaws publicly, exploiting the vulnerabilities themselves or selling them on the black market.

Google has been offering bounties since 2010, and currently calls its overall program the Google Security Reward Program. In total, the program has paid out more than $6 million since 2010, and Google disbursed $2 million last year.

However, the sub-program targeted at Google Chromebook, the Chrome Reward Program, hasn't turned up much yet in its top category, so Google is ratcheting that bounty up from $50,000 to $100,000.

"Last year we introduced a $50,000 reward for the persistent compromise of a Chromebook in guest mode. Since we introduced the $50,000 reward, we haven't had a successful submission. That said, great research deserves great awards, so we're putting up a standing six-figure sum, available all year round with no quotas and no maximum reward pool," Google said in a blog post credited to "Chrome Defender" Nathan Parker and "Hacker Philanthropist" Tim Willis.

Google Chromebook has relatively low market share, which historically has lulled vendors into a false sense of confidence about the security of the product. Like app developers who ignore Windows Phone to chase the much bigger addressable markets of the Apple App Store and Google Play, black-hat and white-hat security researchers have traditionally invested most of their time in the dominant Windows desktop OS platform.

With Chromebooks accounting for just 2.8 percent of all PCs shipped worldwide through the first three quarters of 2015, according to IDC, Google could be enjoying that security-through-obscurity cloak.

That share is way up from Google's 2014 mark of 1.9 percent of all PCs shipped, and Google is starting to take over a vital vertical sector in the U.S. market -- K-12 education. According to a December report by Futuresource Consulting, Google Chromebooks, with their low prices, manageability and perceived security, accounted for 51 percent market share in that education market. That's a similar route to the one Apple used to achieve much wider relevance in the PC market.

Google is smart to use a small part of its cash hoard to give security researchers a much stronger incentive to really kick the tires on Google Chromebook just in case it breaks out to a much wider market share. Better to deal with major flaws when the market share is relatively tiny than to discover them later when millions or tens of millions of users are at risk.

Posted by Scott Bekker on March 16, 2016

