Security experts say that maturing software security processes have forced hackers to find ways to bypass mitigations employed by software makers. Microsoft's data execution prevention (DEP) and address space layout randomization (ASLR) are being more widely deployed, making code execution more difficult.
Google's bug bounty program pays out between $500 and $3,133.70 for critical bugs researchers find in its Chrome browser and Web applications. In October, Google extended its bug payout program to some open-source projects. The company is initially limiting it to critical components in the Linux kernel, high-impact libraries such as OpenSSL, and core infrastructure network services and image parsers. Researchers find a flaw, submit it along with a fix to the maintainers of the project, and work with them to have the fix accepted into the repository and incorporated into a shipping version of the program, Google said.
Mozilla, Yahoo, Facebook and PayPal also run flaw reward programs. Apple does not have a formal program to reward researchers for finding flaws.
PUBLISHED NOV. 5, 2013