back to article Google revamps bug bounty program

Google has revealed that its bug bounty program – which it styles a "Vulnerability Reward Program" – has paid out for 11,055 bugs found in its services since 2010. 11,055 bugs seems like a lot, but it's not out of step with other vendors. Microsoft's monthly Patch Tuesday packages regularly fix over 100 flaws, while Oracle's …

  1. Mike 137 Silver badge

    "11,055 bugs found in its services since 2010"

    On average, that's about three a day. That makes me quite nervous.

    1. Charlie Clark Silver badge

      Re: "11,055 bugs found in its services since 2010"

      Would you feel less nervous if they didn't tell you.

      1. Mike 137 Silver badge

        Re: "11,055 bugs found in its services since 2010"

        "Would you feel less nervous if they didn't tell you."

        No, I'd be forced to think the worst as I've been involved in trying to solve this problem for several decades and watched it get worse despite massive efforts to control it. Maybe the nature rather than the extent of those efforts needs to be reconsidered.

    2. DS999 Silver badge

      And that's just

      The ones that outsiders found who told Google and qualified for payment. How many were found that weren't reported to Google? How many did Google find on its own? How many were found by other companies that might not be eligible for the bounties but still decided to be nice and report to Google? How many bugs that once identified and they knew what to look for had the same exact same bug multiple places in the same product/software? Multiple places in different product/software?

      I suspect that three per day is just the tip of the iceberg.

  2. elsergiovolador Silver badge

    Maths

    29,000,000 / 11,000 = ~2,636 of their currency per bug

    I mean why would anyone bother...

    1. Charlie Clark Silver badge

      Re: Maths

      For a very few reporting bugs might earn them a living, for many it's a hobby but for a few it might also be the way to a new career, in which case the costs might be compared with other ways of finding new employees.

  3. Charlie Clark Silver badge

    Flawed comparison

    The comparisons with Microsoft and Oracle compare total bugs with those reported from others. You'd hope the companies would also be finding some themselves.

  4. HildyJ Silver badge
    Windows

    Gamification

    This all seems to be an improvement in what was already a good program.

    Except gamification. I hate the gamification of anything that's not a game. As an old fuddy-duddy, it just grinds my gears.

    1. Dinanziame Silver badge
      Trollface

      Re: Gamification

      Have an upvote to make you feel better

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021