diTii.com Digital News Hub

Sign up with your email address to be the first to know about latest news and more.

I agree to have my personal information transfered to MailChimp (more information)


Google’s Experimental Vulnerability Reward Program for Google Web Properties

Google introduces an experimental new vulnerability reward program that applies to Google web properties. Here’s some info about the new program in a question and answer format:

Q) What apps are in scope?

A) Any Google web properties which display or manage highly sensitive authenticated user data or accounts may be in scope. Some examples:

  • *.google.com
  • *.youtube.com
  • *.blogger.com
  • *.orkut.com

Q) What classes of bug are in scope?

A) Any serious bug which directly affects confidentiality or integrity of user data. We anticipate most rewards will be in bug categories such as:

  • XSS
  • XSSI (cross-site script inclusion)
  • Bypassing authorization controls (e.g. User A can access User B’s private data)
  • Server side code execution or command injection

These categories of bugs are definitively excluded:

  • attacks against Google’s corporate infrastructure
  • social engineering and physical attacks
  • denial of service bugs
  • non-web app vulnerabilities, including vulnerabilities in client apps
  • SEO blackhat techniques
  • vulnerabilities in Google-branded websites hosted by 3rd parties
  • bugs in technologies recently acquired by Google

More Info: Google security and product safety


Share This Story, Choose Your Platform!

Get Latest News

Subscribe to Digital News Hub

Get our daily newsletter about the latest news in the industry.
First Name
Last Name
Email address
Secure and Spam free...