Google will pay whoever reports bugs in its open source software 

There are rewards of up to 31 thousand dollars, Google will pay whoever reports bugs in its open source software

Google will now pay security researchers who find and report bugs in the latest versions of Google’s open source software (Google OSS). This will be done through the Vulnerability Reward Program (VRP ) that the company has announced.

This program focuses on Google software and repository setup . For example, in software available in public repositories on GitHub that are owned by Google, as well as in some repositories on other platforms.

Google will pay whoever reports bugs in its open source software 

Of course, to get the payment money that Mountain View offers, the bug reports will have to be sent first to the owners of the vulnerable packages , so that the problems are addressed by themselves, before reporting the findings to Google. .

“The biggest prizes will go to vulnerabilities found in the most sensitive projects: Bazel, Angular, Golang, Protocol buffers, and Fuchsia” Google said today.

Importance of failures in the supply chain

The focus of the Google OSS Vulnerability Bounty Program is the security flaws that would have the most significant impact on the software supply chain.

Specifically, the company encourages researchers to focus on vulnerabilities that could compromise the supply chain, design issues that cause product vulnerabilities, and security issues such as credential leaks , weak passwords, or hacks. unsafe facilities.

When we talk about supply chain attacks , attackers compromise the security of a third party and thereby manage to infiltrate the systems that use their services.

Depending on the severity level of reported bugs and the importance of the project, final rewards range from $100 to $31,337.

According to Google, “in addition to a reward, you can receive public recognition for your contribution. You can also choose to donate your reward to a charity for double the original amount.”

Astrid Sandoval

ByAstrid Sandoval

In her role as Services Product Manager, Astrid's primary responsibility is to update the company's ProSupport Suite for PCs. She has spent the bulk of her 20 years at Dell in customer service positions in Services and IT. Astrid is delighted to include new technological features in the ProSupport Suite for PCs since she has a strong interest in convenient technologies. She attended the University of Texas, where she earned her BA and BS, and Texas State University, where she earned her MBA.Also has been an active member of the cryptocurrency community since 2018. She has a passion for Bitcoin, open-source code, and decentralized applications.

Leave a Reply

Your email address will not be published. Required fields are marked *