Posted by : Brij Bhushan Wednesday, 9 October 2013



Google today started to provide financial incentives for proactive improvements to open-source software (OSS) that go beyond merely fixing a known security bug. Awards currently range between $500 and $3,133.70.


Google says it will roll out the program gradually, at a pace determined by the quality of the received submissions and feedback from the developer community. The initial run is limited in scope to the following projects:



  • Core infrastructure network services: OpenSSH, BIND, ISC DHCP.

  • Core infrastructure image parsers: libjpeg, libjpeg-turbo, libpng, giflib.

  • Open-source foundations of Google Chrome: Chromium, Blink.

  • Other high-impact libraries: OpenSSL, zlib.

  • Security-critical, commonly used components of the Linux kernel (including KVM).


Soon (it wouldn’t say when exactly), the company will extend the program to:



  • Widely used web servers: Apache httpd, lighttpd, nginx.

  • Popular SMTP services: Sendmail, Postfix, Exim.

  • Toolchain security improvements for GCC, binutils, and LLVM.

  • Virtual private networking: OpenVPN.


In other words, the company is trying to bring its Vulnerability Reward Program to the world of OSS in the hopes of improving the security of key third-party software critical to the health of the entire Internet. That’s a great goal, if we may say so ourselves.


More to follow.






- Copyright © 2013 FB EDucator - Powered by Blogger-