This week, social news platform Reddit announced the launch of a public bug bounty program…
Let me remind you that Google’s bug bounty programs have been running for almost 12 years, and over time they have been extended to Android, Chrome, the Linux kernel, and so on. To date, the company has paid over $38 million in rewards to researchers.
For example, we also wrote that Google expands the bug bounty program and will pay for bugs in applications with 100 million installations, and also that Mozilla extends the bug bounty program and increases rewards.
The new program is called the Open Source Software Vulnerability Rewards Program (OSS VRP), and the maximum reward that can be received under the OSS VRP is $31,337, while the minimum is $100. Also, small incentives (approximately $1,000) can be paid for “particularly clever or interesting vulnerabilities.”
The new bug bounty program involves any programs that were updated to the latest version from the public GitHub repositories owned by Google organizations. Third-party dependencies of such projects are also included in the program, however, in this case, researchers will need to notify not only Google:
Downloads-adblocker.com is a site that tries to force you into subscribing to its browser notifications…
Oohpicmuch.live is a domain that tries to force you into subscribing to its browser notifications…
Tolakibs.xyz is a site that tries to force you into subscribing to its browser notifications…
Makejugash.live is a site that tries to force you into subscribing to its browser notifications…
Nifadorb.xyz is a site that tries to trick you into subscribing to its browser notifications…
Web-amanda.com is a site that tries to force you into subscribing to its browser notifications…