Security News > 2022 > August > Google Launches New Open Source Bug Bounty to Tackle Supply Chain Attacks
Google on Monday introduced a new bug bounty program for its open source projects, offering payouts anywhere from $100 to $31,337 to secure the ecosystem from supply chain attacks.
Called the Open Source Software Vulnerability Rewards Program, the offering is one of the first open source-specific vulnerability programs.
With the tech giant the maintainer of major projects such as Angular, Bazel, Golang, Protocol Buffers, and Fuchsia, the program aims to reward vulnerability discoveries that could otherwise have a significant impact on the larger open source landscape.
Beefing up open source components, especially third-party libraries that act as the building block of many a software, has emerged a top priority in the wake of steady escalation in supply chain attacks targeting Maven, NPM, PyPI, and RubyGems.
"Last year saw a 650% year-over-year increase in attacks targeting the open source supply chain, including headliner incidents like Codecov and the Log4j vulnerability that showed the destructive potential of a single open source vulnerability," Google's Francis Perron and Krzysztof Kotowicz said.
Earlier this May, the internet behemoth announced the creation of a new "Open Source Maintenance Crew" to focus on bolstering the security of critical open source projects.
News URL
https://thehackernews.com/2022/08/google-launches-new-open-source-bug.html
Related news
- LottieFiles hit in npm supply chain attack targeting users' crypto (source)
- LottieFiles hacked in supply chain attack to steal users’ crypto (source)
- LottieFiles supply chain attack exposes users to malicious crypto wallet drainer (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects (source)
- Blue Yonder ransomware attack disrupts grocery store supply chain (source)
- OpenWrt orders router firmware updates after supply chain attack scare (source)
- Update your OpenWrt router! Security issue made supply chain attack possible (source)
- Ultralytics Supply-Chain Attack (source)
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)