With the release of Chrome 15, Google paid out a record $26,000+ to security researchers. With that kind of money being thrown around, you might be wondering how much these various bug bounty programs are paying out.
NibbleSecurity has published their attempt to catalog all public and active bug incentive programs and vulnerability/exploit acquisition programs, in the name of the “No More Free Bugs” philosophy. The No More Free Bugs stance, started in 2009, attempts to increase the number of companies that reward security researchers who responsibly disclose bugs. The unofficial catalog covers a range of companies, including Barracuda, Facebook, Google, Mozilla, and TippingPoint ZDI.
It’s interesting to see how some companies assign a price tag to finding and fixing bugs and how much they are paying out.
You can see NibbleSecurity’s “No More Free Bugs” Initiatives table at http://blog.nibblesec.org/2011/10/no-more-free-bugs-initiatives.html