Just four days after Mozilla announced it was increasing the bounty paid for critical security bugs in its software to $3,000, Google has upped the ante, saying that it will now pay $3,133.70 for the most severe bugs researchers find in Chromium.
"The maximum reward for a single bug has been increased to $3,133.7. We will most likely use this amount for SecSeverity-Critical bugs in Chromium. The increased reward reflects the fact that the sandbox makes it harder to find bugs of this severity," Chris Evans, a Google security researcher, said in a blog post. "Whilst the base reward for less serious bugs remains at $500, the panel will consider rewarding more for high-quality bug reports. Factors indicating a high-quality bug report might include a careful test case reduction, an accurate analysis of root cause, or productive discussion towards resolution."

The sudden change in the price paid for bugs by both Mozilla and Google can be seen as a consequence of the stance taken by some researchers, who have said that they are no longer interested in doing software vendors' security work for them without monetary reward. Prominent researchers such as Alex Sotirov, Charlie Miller and Dino Dai Zovi have said in the last year that vendors should not expect researchers to keep finding serious bugs in their software and then wading through what can be a long process from reporting to patching to disclosure.

The link for this article located at ThreatPost is no longer available.