In its latest bug bounty programme, Google will pay up to $31,337 (about Rs 25 lakh) to researchers who find security holes in the company’s Open Source projects.
Rewards will range from $100 to $31,337, depending on the severity of the vulnerability and the importance of the project.
Announcing the launch of its Open Source Software Vulnerability Rewards Program (OSS VRP), Google said that the larger sums will also go to unusual or particularly interesting flaws, “so innovation is encouraged”.
Google is one of the biggest contributors to and consumers of open source in the world, and is the maintainer of important projects including Golang, Angular, and Fuchsia.
Attacks on the open source supply chain increased by 650% last year, according to Google.
With the addition of the OSS VRP to Google’s family of vulnerability reward programmes (VRPs), researchers can now be compensated for discovering flaws that may have an impact on the whole open source ecosystem.
The original VRP programme, which is approaching its 12th anniversary, was among the first in the world.
“Our VRP range has grown over time to include programmes targeted for Chrome, Android, and other platforms. Together, these initiatives have given out more than $38 million in rewards for more than 13,000 applications,” Google said in a statement late on Tuesday.
As part of its $10 billion commitment to enhancing cybersecurity, Google claimed its OSS VRP “includes safeguarding the supply chain against these sorts of assaults for both Google’s users and open source consumers globally.”