Saturday, 6 February 2010

Good or bad, I'm on the fence.

I was interested to see that Google is willing to offer a bounty of $500 per bug that people find in Chrome, Google's browser.

I am not sure if this is a good thing.

Whilst I admire them for having the confidence in their product to invite deliberate attempts to compromise it and find flaws, the cynical part of me is thinking, hold on, this is just a cheap way of QA'ing code.

I am in two minds and I can’t decide if this approach is a good or a bad idea. Sure, commercially it is a good idea: you get a multitude of amateur testers working in their spare time, for free, and all it costs is $500 for each flaw they find. Genius!

But I am worried that someone will decide it is cheaper to release minimally tested products and offer a bounty for finding flaws than to properly test them.

I am hoping I am just being cynical and all products that get released are secure and this is just a marketing ploy to grab headlines. Mind you, suppose their product is totally flawed, it could be more expensive than they anticipated!
