Google pays $65k to shutter 23 Chrome bugs

Google has patched 42 vulnerabilities, including 23 contributed by external researchers, earning them US$65,000 (£54,030, A$83,732) in rewards. The patches reported by external researchers cover nine high-, 10 medium- and four low-severity holes. Half of the payouts went to prolific Polish pwner Mariusz Mlynski who scored US$ …

  1. Sandtitz Silver badge

    Outsourcing the security

    [Google spokesman]: "Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, Control Flow Integrity or LibFuzzer."

    Begs the question: why doesn't Google use these free tools to check their code?

    Is it cheaper to dish out perhaps $200K a year to these hackers than to do it in-house?

    1. Mark 85 Silver badge

      Re: Outsourcing the security

      I'm thinking it's a fresh set of eyes outside the corporate politics and BS we all know happens. At least I would hope that's why.

    2. a_yank_lurker Silver badge

      Re: Outsourcing the security

      Fresh set of eyes, as noted earlier, which means a fresh set of tests and ideas. Google is at least admitting that they, like all other software providers, tend to be blind to certain bugs. This is natural. No matter how good, one will not think of all the weird ways the code can be stressed.

    3. DryBones

      Re: Outsourcing the security

      These are payouts for the bugs those, and whatever else Google uses in-house, didn't find.

