Google to pay Rs 25 lakh to spot bugs in its open source projects


New Delhi, Aug 31 (IANS): Google has launched a new bug bounty programme where it will award up to $31,337 (nearly Rs 25 lakh) to researchers who spot vulnerabilities in the company's Open Source projects.

Depending on the severity of the vulnerability and the project's importance, rewards will range from $100 to $31,337.

The larger amounts will also go to unusual or particularly interesting vulnerabilities, "so creativity is encouraged," said Google while launching its Open Source Software Vulnerability Rewards Programme (OSS VRP).

As the maintainer of major projects such as Golang, Angular, and Fuchsia, Google is among the largest contributors and users of open source in the world.

Last year, Google saw a 650 per cent year-over-year increase in attacks targeting the open source supply chain.

With the addition of Google's own vulnerability reward programme (VRP), researchers can now be rewarded for finding bugs that could potentially impact the entire open source ecosystem.

The original VRP programme was one of the first in the world and is now approaching its 12th anniversary.

"Over time, our VRP lineup has expanded to include programmes focused on Chrome, Android, and other areas. Collectively, these programs have rewarded more than 13,000 submissions, totalling over $38 million paid," Google said in a statement late on Tuesday.

Google said its OSS VRP is part of "our $10 billion commitment to improving cybersecurity, including securing the supply chain against these types of attacks for both Google's users and open source consumers worldwide".

 

  

Top Stories


Leave a Comment

Title: Google to pay Rs 25 lakh to spot bugs in its open source projects



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.