Google will pay anyone who uncovers security flaws in its open source projects.

Google pays security experts who uncover security flaws in its products. It’s better to prevent problems than to address them after a hack or attack. Google is expanding its Vulnerability Rewards Program (VRP) to open-source projects. Researchers can submit bugs and vulnerabilities that affect Google’s open-source ecosystem and get compensated.

Google established this scheme because hackers treat open-source software as an attack vector. According to the firm, attacks on open-source supply chains increased by 650% in 2021 over 2020. Google includes open-source projects in its VRP to reduce its vulnerability.

Google security flaws “Eleet” Bug Payouts

Google’s Open Source Software Vulnerability Rewards Program (OSS VRP) rewards researchers who uncover bugs in the company’s open source software.

Google will accept “all up-to-date versions of open source software (including repository settings)” from Google-owned GitHub repositories. The business has also rewarded its Go programming language, Angular Web framework, and Fuchsia operating system for connected devices.

Google asks for supply chain vulnerabilities, design concerns that could lead to product vulnerabilities, and security weaknesses such as hacked credentials, weak passwords, or unsafe installation configurations. Google will compensate researchers who find flaws in third-party open source projects on which its software relies.

“This programme focuses on Google-produced open source projects,” says Google’s Perron. “The suggested short list of flagship projects comprises Google-driven projects.” “The guidelines include ‘Standard,’ which includes many projects.”

The company aims to pay researchers $100 to $31,337, which spells “eleet” in hackerspeak, with bigger awards for more serious or inventive vulnerabilities.

With more bug bounties, certain incentives may overlap. Google vowed to help researchers submit vulnerability findings to the relevant programmes to maximise payouts.
