Google boosts bounties for open source flaws found via fuzzing
2023-02-01 23:01

Google sweetened the potential pot to $30,000 for bug hunters in its open source OSS-Fuzz code testing project.

On Wednesday, Google increased bounties for fuzzing coverage projects, and added rewards for some FuzzBench integrations.

The new sanitizers must find at least two legit vulnerabilities in an open source project, and the max payout for this new rewards category is also $11,337.

"These changes boost the total rewards possible per project integration from a maximum of $20,000 to $30,000," Google's Oliver Chang explained in a blog post about the updates.

Last year, Google launched the OpenSSF FuzzIntrospector tool and integrated it into OSS-Fuzz.

OSS-Fuzz Rewards is part of Google's broader Patch Rewards Program that incentivizes finding and fixing security flaws in open source security.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/02/01/google_fuzz_rewards/

Related vendor

VENDOR   #/PRODUCTS   LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS
Google   141          996   4895     2855   1622       10368