Google’s New Bug Bounty Program Focuses On Open-Source bugs

Share post:

Google has launched a new bug bounty program that will focus on open-source software.

As attacks on the open-source supply chain leaped 650% year-over-year in 2021 compared to the previous year, the new program will address the steep increase in supply chain compromises.

The new program encourages bug hunters to look for issues in up-to-date versions of open-source software, including the settings for repositories stored in the public repositories of Google-owned GitHub organizations.

Google also invites bug hunters to look for issues that could have the biggest impact on the supply chain, such as design issues that cause product vulnerabilities or security issues such as leaked credentials.

Depending on the severity of the vulnerability and importance of the project, the price ranges from $100 to $31,337.

The program is known as the new Open-Source Software Vulnerability Rewards Program (OSS VRP). The OSS VRP is part of the $10 billion that Google promised to pump into the U.S. cybersecurity space.

The company made the commitment last year after a White House meeting when the Biden administration pushed for better security against cyberattacks on U.S. organizations.

The sources for this piece include an article in ZDNet.


Related articles

Cyber Security Today, June 21, 2024 – US to ban Kaspersky for businesses, consumers

U.S. to ban the sale of Kaspersky products to consumers and businesses. Welcome to Cyber Security Today. It's Friday...

Biden administration to ban US sales of Kaspersky software over ties to Russia

The Biden administration is set to announce a ban on the sale of Kaspersky Lab's antivirus software in...

Security bug may allow anyone to spoof Microsoft employee emails

A security researcher claims to have discovered a bug that enables anyone to impersonate Microsoft corporate email accounts,...

Cyber Security Today, June 19, 2024 – How an attacker hid on an IT network for three years

How an attacker hid on an IT network for three years Welcome to Cyber Security Today. It's Wednesday June...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways