
Google introduces a new Bug Bounty Program for the company’s open source projects

On Tuesday, Google launched a new bug bounty program to reward security researchers who discover and report flaws in the company’s open source projects.

As part of the latest Open Source Software Vulnerability Rewards Program (OSS VRP), Google offers bug bounty payouts of up to $31,337. The lowest vulnerability reward will be $100.

Small bonuses of roughly $1,000 may be awarded for particularly clever or interesting vulnerabilities. Google has been operating its VRP for almost 12 years and has expanded it over time to cover Android, Chrome, the Linux kernel, and other areas.

To date, the company has paid over $38 million in bug bounty rewards to reporting researchers. Focused on open source software, the new program is meant to address the risks associated with supply chain compromise.

Google notes that last year saw a 650% year-over-year rise in attacks targeting the open source supply chain, including headline incidents like Codecov and Log4Shell, which showed the destructive potential of a single open source vulnerability.

The internet giant considers all up-to-date software available in the public repositories of Google-owned GitHub organizations to be within the scope of the OSS VRP. The scope also includes the third-party dependencies of these projects, but researchers will first have to send a notification to the dependency, SecurityWeek reports.


