Google Offers Financial Support to Open Source Projects for Cybersecurity


Besides rewarding ethical hackers from its pocket for responsibly reporting vulnerabilities in third-party open-source projects, Google today announced financial support for open source developers to help them arrange additional resources, prioritizing the security of their products.

The initiative, called “Patch Rewards Program,” was launched nearly 6 years ago, under which Google rewards hackers for reporting severe flaws in many widely used open source software, including OpenSSH, OpenSSL, Linux kernel, Apache, Nginx, jQuery, and OpenVPN.

So far, Google has paid hundreds of thousands of dollars as bounty to hackers across the world who helped improve the overall security of many crucial open source software and technologies that power the Internet, operating systems, and networks.

The company has now also decided to motivate volunteer work done by the open source community by providing upfront financial help to project teams, using which they can acquire additional development capacity.

The support is available for both small teams ($5,000) as well as for a large team ($30,000) of developers.

In a blog post published today, Google itself described that small teams could get the amount as a reward for fixing a small number of security issues.

Whereas, large open source teams need to use the funds to heavily invest in security, like providing support to find additional developers, or implementing significant new security features.

If you run any open source project or want to support any other open-source project, you can nominate it for support from Google by filling out

Web Application Firewall

“Any open source project can be nominated for support. When selecting projects, the panel will put an emphasis on projects that either are vital to the health of the Internet or are end-user projects with a large user base,” Google says.

“Our Patch Reward Panel will review submissions on a monthly basis and select a number of projects that meet the program criteria.”

You can find more details on the Patch Rewards Program here, including the list of projects, types of acceptable vulnerabilities, and rewards for qualifying submissions, which ranges from $500 to $20,000.

Articles You May Like

US government securities watchdog spoofed by investment scammers – don’t fall for it!
Zero Care About Zero Days
GoDaddy admits to password breach: check your Managed WordPress site!
Apple files lawsuit against spyware vendor NSO Group
Head of Instagram Adam Mosseri will testify before the Senate on teen mental heath

Leave a Reply

Your email address will not be published. Required fields are marked *