
Google Introduces Bug Bounty Program for Open-Source Software

Google has launched its Open Source Software Vulnerability Rewards Program (OSS VRP), which pays researchers for finding bugs and vulnerabilities in the open-source software ecosystem. Google is offering rewards of up to $31,337 to those who report qualifying bugs.

Google has employed a crowdsourced approach to security with a special focus on mitigating vulnerabilities in the under-funded and under-maintained but extensively used open-source projects.

Through this rewards program, the company aims to close off entry points for attackers and help enterprises operate securely, since the open-source ecosystem is in need of a major security overhaul.

It is worth noting that a large number of organizations rely on open-source software to perform critical operations. Yet, they exercise little to no control over these components, making the situation risky for these organizations.

Furthermore, attacks on the software supply chain have spiked over the years. They are currently at an all-time high following the discovery of the Log4Shell 0-day vulnerability in Log4j and devastating breaches such as SolarWinds.

Through OSS VRP, ethical hackers will get rewards ranging from $100 – $31,337, depending on their discovered bug’s severity. The highest rewards will be offered to bugs found in sensitive open-source projects like Angular, Bazel, Protocol buffers, Golang, and Fuchsia.

According to Google’s blog post, the program will focus mainly on up-to-date versions of open-source projects and on repository settings stored in GitHub’s public repositories. The categories of vulnerabilities Google expects to be reported include:

  • Vulnerabilities that lead to supply chain compromise
  • Design issues that cause product vulnerabilities
  • Other security issues such as sensitive or leaked credentials, weak passwords, or insecure installations

“The larger amounts will also go to unusual or particularly interesting vulnerabilities, so creativity is encouraged.”

Google

Such programs will restore the confidence of users and vendors in the open-source software supply chain, as vulnerabilities will be identified and fixed in a timely manner. So if you have what it takes to participate in Google’s latest bug bounty program, we wish you good luck!
