After trialing its rewards program for vulnerabilities found in the Chromium browser, Google decided to extend it to all its products. You can now get from $500 to $3133.7 for bugs found in
- *.google.com
- *.youtube.com
- *.blogger.com
- *.orkut.com
The only things the rewards program does not cover are client applications (Android, Picasa, Google Desktop, etc.); everything else is included, including Gmail, YouTube and Google Docs.
Any serious bug can qualify for a payout, in particular:
- XSS
- XSRF / CSRF
- XSSI (cross-site script inclusion)
- Authorization Bypass (User A gains access to User B private data)
- Server-side code execution or code injection
Found vulnerabilities can be reported here. The rewards program does not cover bugs in technologies recently acquired by Google, black-hat SEO techniques, social engineering attacks, DoS attacks, and the like.
Note that apart from Google, only Mozilla pays for bugs found in its own products. Neither Microsoft, nor Adobe, nor Oracle does this. However, TippingPoint (Zero Day Initiative program) and VeriSign (iDefense program) have recently also started buying information about fresh vulnerabilities, although their rates are unlikely to match those offered on the black market.