Google has introduced a new bug bounty program called the Open-Source Software Vulnerability Rewards Program (OSS VRP) for its open-source projects, offering pay-outs anywhere from $100 to $31,337 to secure the ecosystem from supply chain attacks.
The program is one of the first open source-specific vulnerability programs. It aims to reward vulnerability discoveries that could otherwise have a significant impact on the larger open-source landscape.
Citing a report from the software firm Sonatype, Google noted that attacks targeting the open-source supply chain grew 650% year-over-year in 2021. Google’s new program encourages bug hunters to look for issues in up-to-date versions of open-source software (including repository settings) stored in the public repositories of Google-owned GitHub organizations (such as Google, GoogleAPIs and GoogleCloudPlatform).
The OSS VRP is part of the $10 billion that Google has committed to spending on US cybersecurity. Google is also encouraging bug hunters to look for problems that could have the greatest impact on the supply chain, which could include design issues that cause product vulnerabilities or security issues such as leaked credentials.