Even companies that have a large team dedicated to security can let leaks slip through the cracks sometimes.
No matter how big your organization is, there will be a slip up along the way.
It is just the nature of things.
No one body or organization can secure everything.
Can You Break Chrome?
Google realizes this so they have offered a bounty on one of their most prized piece of software, Chrome.
Chrome is Google’s open sourced browser offering and they want hackers to search the insides and try to exploit it.
If they are successful in finding a major exploitable bug in the system they will pay them $500 for their trouble.
The bounty alone may not be a big enough prize to go looking for a bug in that huge code base, but the bounty along with the recognition, is.
Google is not the first company to ever pay hackers to look for bugs in their software.
As a matter of fact, it has become a trend in recent years for companies to do just that.
Open Source Software Needs Hackers?
Especially software that just happens to be open sourced.
Mozilla, the parent company of the open sourced firefox browser, also pays hackers to go looking for serious bugs in their code.
The program has been successful so far and is causing other companies to duplicate their success.
Offering the hackers a prize for finding a hole in the software not only allows them to get paid for their hard work, but it also keeps them from selling the information to the bad guys (though it could be said that the bad guys pay more).
This is a very important incentive.
If you have a big hole sitting in your software, and the bad guys learn how to exploit it before you can fix it, you could have a very serious problem.
So, paying someone to head this off, is very much worth it in the long run.
As I said earlier, there is more than the money involved when it comes to finding holes in Chrome.
Recognition Can Be Worth Its Weight In Gold
There is also the recognition that you receive for finding a hole.
It is a lot of software developers dreams to be able to work at a company such as Google.
This includes a lot of hackers as well.
Getting this type of recognition from Google is probably the second best thing.
Even if they do not dream of working there, finding a serious exploit in Chrome will still allow their names to be known in the security community.
It is nice to see Google taking such an interest in the security of their browser.
It is extra efforts such as these, that help an open sourced browser stay the safer alternative.
It is the few eyes that Microsoft has with Internet Explorer, versus the community.
The community will win every time.