Google in its latest bug bounty programme, will pay up to $31,337 (about Rs 25 lakh) to researchers who find security loop-holes in the company’s Open Source projects.
Rewards will vary from $100 to $31,337 depending on the seriousness of the vulnerability and the significance of the initiative.
The larger amounts will also go to unusual or particularly interesting vulnerabilities, “so creativity is encouraged,” said Google while launching its Open Source Software Vulnerability Rewards Programme (OSS VRP).
Google is one of the biggest donors to and consumers of open source in the world, serving as the manager of important projects including Golang, Angular, and Fuchsia.
Attacks on the open source supply chain increased by 650% last year, according to Google.
With the addition of Google’s own vulnerability reward programme (VRP), researchers can now be rewarded for finding bugs that could potentially impact the entire open source ecosystem.
The original VRP programme was one of the first in the world and is now approaching its 12th anniversary.
“Over time, our VRP lineup has expanded to include programmes focused on Chrome, Android, and other areas. Collectively, these programs have rewarded more than 13,000 submissions, totalling over $38 million paid,” Google said in a statement late on Tuesday.
Google said its OSS VRP is part of “our $10 billion commitment to improving cybersecurity, including securing the supply chain against these types of attacks for both Google’s users and open source consumers worldwide”.
(inputs from IANS)