News

Google Launches Open Source Bug Bounty Program

Photo of Daniel Zimmermann Daniel ZimmermannSeptember 1, 2022
0 54 1 minute read

This week, Google introduced a bug bounty for open source (a reward program for found vulnerabilities).

This bug bounty is intended for researchers who discover vulnerabilities in the company’s open-source projects.

Let me remind you that Google’s bug bounty programs have been running for almost 12 years, and over time they have been extended to Android, Chrome, the Linux kernel, and so on. To date, the company has paid over $38 million in rewards to researchers.

For example, we also wrote that Google expands the bug bounty program and will pay for bugs in applications with 100 million installations, and also that Mozilla extends the bug bounty program and increases rewards.

The new program is called the Open Source Software Vulnerability Rewards Program (OSS VRP), and the maximum reward that can be received under the OSS VRP is $31,337, while the minimum is $100. Also, small incentives (approximately $1,000) can be paid for “particularly clever or interesting vulnerabilities.”

Last year, open source attacks on the supply chain increased by 650% year-over-year, including issues such as Codecov and Log4Shell, which demonstrated the destructive potential that just one open source vulnerability can have.<span class="su-quote-cite">Google writes.</span>

The new bug bounty program involves any programs that were updated to the latest version from the public GitHub repositories owned by Google organizations. Third-party dependencies of such projects are also included in the program, however, in this case, researchers will need to notify not only Google:

Please report bugs to the direct owner of the vulnerable package first and ensure the issue is upstream resolved before reporting the details of the vulnerability to us.<span class="su-quote-cite">the company explains.</span>
Google is urging researchers to focus on vulnerabilities that lead to supply chain compromise, on design issues that give rise to bugs in products, and also on security issues, including credential leaks and weak passwords.
Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Tags
Photo of Daniel Zimmermann Daniel ZimmermannSeptember 1, 2022
0 54 1 minute read
Photo of Daniel Zimmermann

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Spies work on Twitter

Twitter’s Ex-Security Chief Claims That Spies from China and India Are Working for the Company

September 15, 2022
Reserchers discovered in Google Cloud, AWS, and Azure Explore 34 Million Vulnerabilities

Reserchers discovered in Google Cloud, AWS, and Azure Explore 34 Million Vulnerabilities

August 16, 2019

Researchers present tools for scanning computers for BlueKeep vulnerability

June 12, 2019

In common HSM modules have been discovered vulnerabilities that could lead to an attack on encryption keys

June 11, 2019

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© Copyright 2024, All Rights Reserved  | Adware.Guru;
Back to top button