Google’s new bug Bounty Program focuses on Open-Source bugs

Google has launched a new bug bounty program that will focus on open-source software.

As attacks on the open-source supply chain leaped 650 per cent year-over-year in 2021 compared to the previous year, the new program will address the steep increase in supply chain compromises.

The new program encourages bug hunters to look for issues in up-to-date versions of open-source software, including the settings for repositories stored in the public repositories of Google-owned GitHub organizations.

Google also invites bug hunters to look for issues that could have the biggest impact on the supply chain, such as design issues that cause product vulnerabilities or security issues such as leaked credentials.

Depending on the severity of the vulnerability and importance of the project, the price ranges from US$100 to US$31,337.

The program is known as the new Open-Source Software Vulnerability Rewards Program (OSS VRP). The OSS VRP is part of the $10 billion that Google promised to pump into the U.S. cybersecurity space.

The company made the commitment last year after a White House meeting when the Biden administration pushed for better security against cyberattacks on U.S. organizations.

The sources for this piece include an article in ZDNet.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web