Google pays security experts who uncover security flaws in its products. It’s better to prevent problems than to address them after a hack or attack. Google is expanding VRP to open-source projects. Researchers can submit bugs and vulnerabilities that affect Google’s open-source ecosystem and get compensated.
Google established this scheme because hackers consider open-source software as attack vendors. According to the firm, attacks on open-source supply chains increased by 650% in 2021 over 2020. Google includes open-source projects in its VRP to reduce its vulnerability.
Google security flaws “Eleet” Bug Payouts
Google’s Open Source Software Vulnerability Rewards Program (OSS VRP) rewards researchers who uncover bugs in the company’s open source software.
Google will accept “all up-to-date versions of open source software (including repository settings)” from Google-owned GitHub repositories. The business has also rewarded its Go programming language, Angular Web framework, and Fuchsia operating system for connected devices.
Google asks for supply chain vulnerabilities, design concerns that could lead to product vulnerabilities, and security weaknesses such as hacked credentials, weak passwords, or unsafe installation configurations. Google will compensate researchers who find flaws in third-party open source projects on which its software relies.
“This programme focuses on Google-produced open source projects,” says Google’s Perron. “The suggested short list of flagship projects comprises Google-driven projects.” “The guidelines include ‘Standard,’ which includes many projects.”
The company aims to pay researchers $100 to $31,337, which spells “eleet” in hackerspeak, with bigger awards for more serious or inventive vulnerabilities.
With more bug bounties, certain incentives may overlap. Google vowed to help researchers submit vulnerability findings to the relevant programmes to maximise payouts.
- Read More: You might reconsider foldable as Samsung made screen repair so cheap
- Best OnePlus phones in 2022: From new and old
- Sennheiser Momentum 4 vs Sony WH-1000XM5: Which Wireless is best for you?