Google will begin paying bounties as high as $1,337 to researchers who privately report high-severity security bugs in its Chrome browser and Chromium open-source project.
The "experimental new incentive," which Google announced Thursday, is for external researchers only.
It addresses a key complaint among many researchers that the security of far too many applications is built on the backs of people who receive no compensation for the countless hours they spend discovering and reporting critical vulnerabilities.
"It's a step in the right direction because it's compensating security researchers for their time in looking for vulnerabilities," said Dino Dai Zovi, a researcher who last year launched a campaign with the rallying cry "No more free bugs". "A lot of companies treat vulnerabilities as accidental discoveries, which is really not the case."
From : theregister