Google's security team have invited researchers to try their hand at demonstrating an attack on almost any of its web properties, including google.com, youtube.com, blogger.com and orkut.com.
"Any Google web properties which display or manage highly sensitive authenticated user data or accounts may be in scope," its security team explained.
The program extends a previous campaign that rewarded researchers for discovering security flaws in its Chrome browser.
Like that vulnerability program, Google is offering payment to researchers who find a bug, however it almost doubled the upper limit for finding "unusually clever" bugs.
The base offer, as for Chrome, is US$500 while the new top reward is US$3,133, two thousand more than under Chrome.
Bugs in scope include cross-site scripting flaws, bypassing its authorisation controls and "server side ... command injection".
Not surprisingly, Google's said its own corporate infrastructure was "definitively excluded".
Other attacks it didn't want researchers to launch against it included denial of service bugs, attacks on web properties hosted by third parties, and recently acquired technologies.
Also out of scope were its client applications such as Android, Picasa and Google Desktop.
.jpg&h=140&w=231&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
Huntress + Eftsure Virtual Event -Fighting A New Frontier of Cyber-Fraud: How Leaders Can Work Together
iTnews Cloud Covered Breakfast Summit
Live & Hands On Demo: Navigating the BMC AMI DevX Platform to Understand Code Faster Using AI
Melbourne Cloud & Datacenter Convention 2026
.jpg&h=271&w=480&c=1&s=1)
_(1).jpg&h=140&w=231&c=1&s=0)
