New Delhi: Google has launched a new bug bounty program that will award up to $31,337 (approximately Rs 25 lakh) to researchers who discover vulnerabilities in the company’s open source projects.
Depending on the severity of the vulnerability and the importance of the project, rewards will range from $100 to $31,337.
Larger amounts will also go to unusual or particularly interesting vulnerabilities, “so creativity is encouraged,” Google said during the launch of its Open Source Vulnerability Bounty Program (OSS VRP).
As the maintainer of major projects such as Golang, Angular, and Fuchsia, Google is among the largest contributors to and users of open source in the world.
Last year, Google saw a 650 percent year-over-year increase in attacks targeting the open source supply chain.
With the addition of OSS VRP to the Google Vulnerability Rewards Program (VRP) lineup, researchers can now be rewarded for discovering bugs that could affect the entire open source ecosystem.
The original VRP was one of the first in the world and is now approaching its twelfth anniversary.
“Over time, our VRP lineup has expanded to include programs focused on Chrome, Android, and other areas. In total, these programs have rewarded more than 13,000 entries, with a total of more than $38 million paid out,” Google said in a statement late Tuesday.
Google said OSS VRP is part of its “$10 billion commitment to improve cybersecurity, including securing the supply chain against these types of attacks for both Google users and open source consumers around the world.”