

Google rewards research for vulnerabilities in open source software




Google has launched an Open Source Software Vulnerability Rewards (OSS VRP) program. This is a bug bounty program for open source software. Google itself is known to be involved in some open source projects (Fuchsia etc.). The new program also rewards researchers who discover vulnerabilities that could affect the entire open source ecosystem.

Over the years, Google's bug bounty programs have expanded to many areas: Chrome, Android, etc. In total, more than 13,000 submissions totaling over US$38 million have been honored under these programs. According to Google, the new program is a response to the increase in attacks targeting vulnerabilities in open source software. There have been a few in recent years.

The program focuses primarily on vulnerabilities that affect Google's own open source software, i.e. all public repositories of Google's own organizations (Google, GoogleAPIs, Google Cloud Platform), but also covers vulnerabilities that stem from the third-party software those projects depend on. The top rewards go to vulnerabilities found in the most sensitive projects: Bazel, Angular, Golang, Protocol Buffers and Fuchsia. After the first rollout, the plan is to expand the roster.
