Bounties have proved an affective way of tackling security issues with software in the past, since it incentivises the kind of people who hunt out such things to report them, rather than using it to disrupt service or exploit people. Google has clearly been paying attention to that, as it’s now set up a new reward system for anyone that can find bugs in its Android platform. And it’s offering as much as $38,000 to those that point them out.
That works out to just over £24,000; hardly a small sum. However Google knows this will prove an effective scheme, since it previously used a similar one to help stamp out bugs in its Chrome browser. In 2014 alone, it paid out over $1.5 million in rewards to security researchers and hackers with various hats on, according to the Guardian.
Any flaws that are spotted will need to affect both Google’s Nexus 6 and 9 devices, as it has stated that any problems found in other manufactures’s handsets may be the fault of them and not Google’s operating system. It’s also not offering a $38,000 payout for anyone that points out even the most minor of issues. Those researchers will receive rewards of $500 or so, but the big ones will absolutely be in the five figures range.
The idea, Google said, was that people could theoretically make a career out of attempting to hack into Google’s Android platform, as just two or three bugs discovered in a one year period could be enough for a modest income.
As part of this announcement on improving security, Google also said it was going to be encouraging third party app makers to stop using outdated programming libraries. This prevents the majority of research being focused on contemporary platforms and contemporary bugs. Instead, legacy issues tend to crop up the most, which is something Google wants to put a stop to, or at least reduce.
KitGuru Says: Schemes like this just make me want to step into a ’90s hacking movie. They were so exciting. The fast typing, the sub-culture feel to it all. The fact that the hackers are always inexplicably good looking.
Image source: Droidcon Global