Google increases vulnerability bounties to $20,000

[ronjor]

Quote:

On its Online Security Blog, Google has announced that the company will be increasing its bounties for serious code execution bugs found in production versions of Google products to $20,000 (about £12,400). It will also be paying $10,000 for less severe vulnerabilities like SQL injection flaws as well as $3,133.37 for other vulnerabilities such as cross-site scripting exploits.

http://www.h-online.com/security/new...0-1547221.html

[funkydude]

Are there any negatives to doing this? I personally think more companies like MS and Apple should do this, why wouldn't they want to?

[Page42]

Quote:

Originally Posted by funkydude

Are there any negatives to doing this? I personally think more companies like MS and Apple should do this, why wouldn't they want to?

I see no negatives whatsoever.
Pure incentive with positive results for the software.
Why wouldn't they want to is a good question.
They definitely should want to, but obviously don't want to.
Only thing I can think of (as to why they don't want to) would relate to MS culture.
Perhaps anyone who speaks out in favor of reform or innovation is demoted and eventually fired.
Maybe everyone is too busy covering their backs, and in the process, have forgotten how to recognize and implement basic improvement.
Maybe there are way too many managers who are in reality roadblocks to success.
Maybe they don't want to 'copy' Google... to do so in their eyes might be tantamount to admitting they have lost something.
Just best-guessing here.