Google triples rewards for reporting Chrome security bugs


As many of you will know, the Chrome Vulnerability Bounty program rewards people for discovering and directly reporting security issues in the browser.

Google recently announced, in a post on its security blog, that it is raising the amounts across the "Chrome Vulnerability Bounty Program," with the reward for high-quality reports increased to $30,000 and the bonus for finding vulnerabilities in Chrome OS updated to $150,000.

Google says the highlights of the bug bounty increases include tripling the maximum reward for a so-called "baseline" report, one with very little detail, from $5,000 to $15,000.

The maximum reward for a so-called "high quality" report, one with more explanatory information (for example, how attackers could exploit the bug, what its root cause is, or how it could be fixed), has doubled from $15,000 to $30,000, according to the Chrome security blog post.

The largest amount is still reserved for discovering vulnerabilities in Chrome OS, Google's software platform for the Chromebook or Chromebox.

At this level, Google has raised its reward to $150,000 for researchers who disclose an attack that can compromise a Chromebook or Chromebox. Security bugs found in firmware and/or that allow attackers to bypass the Chrome OS lock screen also earn bonuses, according to the blog.

Google has run its bug bounty program since 2010. To date, Google has received more than 8,500 bug reports and has paid $5 million to researchers. The first change to the base rewards was made in September 2014, four years after the program launched.

At that time, Google's Chrome bug program had paid more than $1.25 million to security researchers who had found more than 700 bugs in its browser, but Google concluded that this was not enough. Five years later, the number of reports had grown from 700 to 8,500 and Google decided to triple the rewards.

In addition to the increases mentioned above, Google also raised the rewards for fuzz testing (or random testing), a software testing technique also used by bug hunters that injects random data into the inputs of a software product in order to find inputs that cause problems.

According to the blog post, "The additional bonus for bugs found by fuzzers running under the Chrome Fuzzer Program has doubled to $1,000."

The increase also affects the amounts paid to researchers through the Google Play security rewards program.

Specifically, bug bounties for remote code execution rose from $5,000 to $20,000, for theft of insecure private data from $1,000 to $3,000, and for access to protected app components from $1,000 to $3,000.

In addition, if you disclose vulnerabilities to participating app developers in a "responsible" way, you will receive a bonus, according to Google.

Below is the new, expanded list and table of bug bounties. Eligible bug bounties range between $500 and $150,000.

[Image: rewards table]

This move is aimed at getting the reports into Google's hands first, since technology companies are not the only ones that reward bug hunters: governments and criminals also pay for vulnerabilities, which they can use in activities such as espionage and identity theft.

In the blog post, Google also clarified what it considers a high-quality report and updated the bug categories to make things easier for researchers.

"We have also clarified what we consider a high quality report, to help reporters get the highest possible reward, and we have updated the bug categories to better reflect the types of bugs being reported and what interests us most," the company said.

Google says these increases for Chrome bug hunters will apply to submissions made after its blog post. More details about the increases are available here.

Source: https://security.googleblog.com/



  1.   Frank Davila said

    How do I report a problem?