As I have mentioned many times in our news section in the past, I’m a big fan of open-sourced software and use it where able. Because I use Linux as my primary operating system, most of the software I use is free and open-sourced, but even for Windows, a lot of what I use there is as well. There are many reasons I like open-sourced software, but if I had to choose just one, it’s that I simply like the “open” nature of software.
Open-sourced software carries a multitude of potential benefits, but one of the most commonly discussed is the price. Most open-sourced software is completely free to the end-user, which is a major perk for obvious reasons. But more importantly, open-sourced software is called that because the source code is made available to everyone. That in itself brings extra benefits, such as increased security.
It makes sense, too. If there are just 5 people working on building a house, it might be easy to overlook a potential issue. If you have 20 people working on the house, though, chances skyrocket that if there’s a potential issue, it will be picked up by someone. Open-sourced software is the same… with so many eyes peering into the code, security holes aren’t likely to last for too long.
But we reach a potential problem. Aside from helping the community, what good does it do someone to find a bug, serious or not? Other than a thanks from the community, maybe not much. But, back in 2004, Mozilla came up with an idea to help encourage this bug-hunting, which involved awarding the bug-finder a $500 prize. Not a bad idea, huh? It looks like Google agrees, as it has also just announced plans to do pretty much the same thing with its Chrome Web browser.
Google has spiced things up just a wee bit, though, because if someone finds a rather serious bug, they’ll be awarded not $500, but $1,337. Yes, I guess finding a major bug could indeed be considered leet. This kind of program is great to see though, because while these bugs may be hard to find, knowing that there’s a reward out there for finding them is the equivalent of a good virtual push. It will be interesting to see just how successful this is for Google over time. Hopefully the company will unveil numbers down the road, because I’m sure I’m not the only one who would be curious as to the success.
“While we have a bunch of great engineers at Google who spend their whole day trying to break into Chrome, we know there are lots of smart people outside of the company and we want their help too,” Evans said in an e-mail reply to questions Friday. “We always know we can do more.” About ten bugs submitted in 2009 would have been rewarded with a bounty payment had the program been in place, Evans added.