Find a security hole in Google's open source and you could bag a $31,337 reward
Google has created a bug bounty program that will reward those who find and report vulnerabilities in its open-source projects, thereby hopefully strengthening software supply-chain security.
The Open Source Software Vulnerability Rewards Program will pay bug hunters between $100 and $31,337, with the highest payments going to "Unusual or particularly interesting vulnerabilities," according to Googlers Francis Perron, open source security technical program manager, and infosec engineer Krzysztof Kotowicz.
"Last year saw a 650% year-over-year increase in attacks targeting the open source supply chain, including headliner incidents like Codecov and the Log4j vulnerability that showed the destructive potential of a single open source vulnerability," Perron and Kotowicz wrote.
"Google's OSS VRP is part of our $10b commitment to improving cybersecurity, including securing the supply chain against these types of attacks for both Google's users and open source consumers worldwide," they added.
In May, following a White House meeting, Google and a handful of other big tech companies announced a $30-million-plus commitment to implement a plan to improve open-source and software supply chain security.
Google announced a service called Assured Open Source Software that attempts to make it easier for enterprises to secure their open-source software dependencies.
News URL: https://go.theregister.com/feed/www.theregister.com/2022/08/30/google_open_source_bug_bounty/