Patch Rewards is one of Google’s oldest security programs, which had earlier started in 2013 ,objective is to provide financial aid to developers of open-source projects that implement important security features.
In order to get paid, project maintainers would first have to apply and provide a plan for the feature they intended to implement. Google would then commit to providing a financial reward that would be paid out only after the feature was implemented.
Now starting from 1st Jan 2020 , Google is willing to pay out some rewards upfront, before the security features are delivered. Besides rewarding ethical hackers from its pocket for responsibly reporting vulnerabilities in third-party open-source projects.
To secure the android platform, Google today announced financial support for open source developers to help them arrange additional resources, prioritizing the security of their products.
The company has now also decided to motivate volunteer work done by the open source community by providing upfront financial help to project teams, using which they can acquire additional development capacity. The Patch Rewards Program is widely open for the open source software, including OpenSSH, OpenSSL, Linux kernel, Apache, Nginx, jQuery, and OpenVPN.
Google has paid hundreds of thousands of dollars as bounty to hackers across the world who helped improve the overall security of many crucial open source software and technologies that power the Internet, operating systems, and networks. The support is available for both small teams ($5,000) as well as for a large team ($30,000) of developers.
Google itself described that small teams could get the amount as a reward for fixing a small number of security issues. Whereas, the large open source teams need to use the funds to heavily invest in security, like providing support to find additional developers, or implementing significant new security features.
"Any open source project can be nominated for support. When selecting projects, the panel will put an emphasis on projects that either are vital to the health of the Internet or are end-user projects with a large user base," Google says.
"Our Patch Reward Panel will review submissions on a monthly basis and select a number of projects that meet the program criteria."
You can find more details on the Patch Rewards Program here, including the list of projects, types of acceptable vulnerabilities, and rewards for qualifying submissions, which ranges from $500 to $20,000.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
