Google has announced a new bug bounty program that offers between $100 and $31,337 (around Rs 7,954 and Rs 25 lakh) for finding security flaws in the tech giant's open-source projects.
The program is called the Open Source Software Vulnerability Rewards Program (OSS VRP) and major open-source projects from Google's stable (Angular, Fuchsia and Golang) are included in it.
Other projects hosted publicly on platforms such as GitHub are covered as well. Google detailed the criteria for bug hunters and these include supply chain vulnerabilities, design issues that lead to attacks and other sensitive issues that may lead to credential leaks or insecure platforms.
The top rewards are reserved for more sensitive projects like Bazel, Angular or Protocol Buffers.
"Depending on the severity of the vulnerability and the project’s importance, rewards will range from $100 to $31,337," Google wrote in a blog post.
"The larger amounts will also go to unusual or particularly interesting vulnerabilities, so creativity is encouraged," the post added.
Google said that it will expand the list to include more open-source projects after the initial rollout.
"Google has been committed to supporting security researchers and bug hunters for over a decade," Google's information security engineer Krzysztof Kotowicz wrote.
"Over time, our VRP lineup has expanded to include programs focused on Chrome, Android, and other areas. Collectively, these programs have rewarded more than 13,000 submissions, totaling over $38M paid," Kotowicz added.
He said in the last year, Google saw a 650 percent year-over-year increase in supply-chain attacks including incidents involving Codecov and Log4j.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
