Google pays bugbusters

Guy Clapperton

Feb 9th 2010

Text SizeAAA

Psst...want to make a few hundred dollars by breaking things? Well, now you can, and you don't even have to go and present Top Gear to do it.

What's happened is that Google has joined Firefox writer Mozilla in paying people to find bugs in its browser, Chrome. And not everybody is happy.

Pay for monkies?

The issue seems to be the amounts involved. Both companies are paying a bounty of $500 for anyone who finds a bug, although if it's a big one the cash can be better.

A number of Stateside commentators, however, are complaining that this isn't high enough. Staking a company's future on expertise that's going to work out at such a low day rate is a bad idea, they reckon.

In principle they're right. In practice there are so many hackers out there testing vulnerabilities for the hell of it, it's difficult to see the flaw in the plan. Many people try to break systems just for kicks. In fact a game writer I met once suggested the economy should be designed by gamers, because they understood that people will always try to find a weak point in a system.

So, how much?

The objectors don't seem to be coming up with an alternative pay structure, mind you. What sort of rate you should pay someone for finding out your system is vulnerable is up for debate – if you've hacked into the Pentagon, for example, you tend to get threatened with extradition rather than paid.

What this exposes is that various software companies have for some time been getting leads on how to improve their offerings for nothing. On the one hand this is great use of the social media ethic – on the other, it's a lot of effort that ends up boosting someone's share price for free.

Microsoft, meanwhile, isn't going to join in the fun. It's not that it believes its Internet Explorer browser is impregnable, far from it; it just thinks offering to pay saboteurs (effectively) inhibits a healthy ecosystem.

Add your comments

Your comments:

Remember me

E-Mail me when someone replies to this comment

Sign in with your AIM/AOL screen name to post a comment. Your screen name will be displayed with your comment. If you do not want your screen name to be displayed, please select the New Readers option above.

Please keep your comments relevant to this blog entry. Email addresses are never displayed, but they are required to confirm your comments.

When you enter your name and email address, you'll be sent a link to confirm your comment, and a password. To leave another comment, just use that password.

To create a live link, simply type the URL (including http://) or email address and we will make it a live link for you. You can put up to 3 URLs in your comments. Line breaks and paragraphs are automatically converted — no need to use <p> or <br /> tags.