Google Will Pay Rs 25 Lakh To Anyone Who Finds Bugs In Their Open Source Projects
A new bounty programme has been announced by Google, wherein any researcher who spots a vulnerability in Google’s Open Source projects will be given a huge reward.
This reward will be of as much as $31,337, which comes to be around Rs. 25 lakh!
Google Announces Bounty Of 25 Lakh!
As per reports, rewards will range from $100 to $31,337 depending on the severity of the vulnerability and the importance of the project.
If you are not aware what a bounty program is, here is a simple definition. Large platforms like Google, Facebook and Paypal float an open invitation to ethical white-hat hackers and researchers to find a security hole or a bugs in their system for a cash reward for each big found. Hackers and researchers across the world try to penetrate the system in hope of finding a security hole / bugs in these platforms.
As Google stated when launching its Open Source Software Vulnerability Rewards Program, the larger amounts will also go to unusual or particularly interesting vulnerabilities, encouraging creativity (OSS VRP).
Google is one of the world’s largest contributors and users of open source, as the maintainer of major projects such as Golang, Angular, and Fuchsia.
Last year, Google saw a 650 per cent increase in attacks targeting the open source supply chain year over year.
Google On Its Way To Improve Cybersecurity
Researchers can now be rewarded for discovering bugs that have the potential to impact the entire open source ecosystem, thanks to the addition of Google’s own vulnerability reward programme (VRP).
As per Google, “Over time, our VRP lineup has expanded to include programmes focused on Chrome, Android, and other areas. Collectively, these programs have rewarded more than 13,000 submissions, totalling over $38 million paid.”
The original VRP programme is soon to mark its 12 year anniversary and it was one of the first in the world.
Google stated that its OSS VRP is part of a $10 billion commitment to improving cybersecurity, which includes securing the supply chain against these types of attacks for both Google users and open source consumers around the world.