October 11, 2013

Google extends bug bounty rewards programme to open source projects

The scheme is mainly aimed at improving the security of key third-party software vital to the strength of the overall internet, Google says.

By CBR Staff Writer

Google has revealed plans to extend its bug bounty rewards programme to selected open-source projects.

Targeted at improving the security of key third-party software vital to the strength of the overall internet, the vulnerability rewards programme will initially offer rewards ranging between $500 and $3,133.70 for core infrastructure network services such as OpenSSH, BIND and ISC DHCP, in addition to core infrastructure image parsers including libjpeg, libjpeg-turbo, libpng and giflib.

The new bug bounty rewards scheme will also cover the open-source foundations of Google Chrome, including Chromium and Blink; other high-impact libraries such as OpenSSL and zlib; and security-critical, commonly used elements of the Linux kernel.

Google Security Team’s Michal Zalewski said that in addition to offering valid reports, bug bounties invite a significant volume of spurious traffic – enough to completely overwhelm a small community of volunteers.

"On top of this, fixing a problem often requires more effort than finding it," Zalewski said.

"So we decided to try something new: provide financial incentives for down-to-earth, proactive improvements that go beyond merely fixing a known security bug."

In due course, Google is also planning to extend the scheme to other widely used web servers (Apache httpd, lighttpd, nginx), popular SMTP services (Sendmail, Postfix, Exim), toolchain security improvements for GCC, binutils and LLVM, and virtual private networking (OpenVPN).


Recently, Microsoft awarded a $100,000 bounty to UK security researcher James Forshaw after he detected design-level security bugs in the IE11 preview, while an Indian electronics and communications engineer, Arul Kumar, received $12,500 from Facebook upon discovering a bug in its support dashboard.
