The MOARTLS journey continues! Looking forward to next year https://security.googleblog.com/2025/10/https-by-default.html
| Twitter (lol) | @notyetsecure |
| Website (old) | https://notyetsecure.com |
Chris Thompson
- 61 Followers
- 45 Following
- 14 Posts
Security and usability engineer, experimenter, &c, working on Google Chrome Security.
makeworld
AmyHi everyone — especially browser security researchers! Today we’ve announced some pretty significant changes to the Chrome VRP reward structure and amounts. This was all built with the purpose of incentivizing deeper and ever more impactful research of Chromium security issues.
I wrote a little blog about it here: https://bughunters.google.com/blog/5302044291629056/chrome-vrp-reward-updates-to-incentivize-deeper-research
We wanted to acknowledge the challenges faced and skills required to find the more complex and impactful issues in Chrome, especially when it comes to demonstrating the full exploitability and impact.
We hope these changes are helpful inspiring to browser security researchers and signal our continued investment in working with you to make Chrome more secure for all users.
@adamshostack Reading through this made me think about CA incident reports (and resulting discussion/analysis in venues like m.d.s.p.), or at least the idealized form of them. The same mistake Cruise made comes up a lot where CAs fail to proactively share all relevant information and get dinged more for failure to do good incident response/withholding information than for the initial incident itself. Good CA incident reports can be a bit rare but can also be deeply enlightening.
Anil DashHooray! Better streets for all humans. https://gothamist.com/news/third-avenue-redesign-kicks-off-next-week-with-upgrades-for-bikes-buses-and-pedestrians
Intent to ShipBlink: Intent to Ship: HTTPS Upgrades https://t.co/msFK2oJcTP
Hello. To make things a bit less empty, please enjoy this photo of my cat with a felt egg.