Google Announces New Open Source Bug Bounty

Google has launched a new bug bounty program for its open source projects to help secure the ecosystem from supply chain attacks, reports Ravie Lakshmanan.

The Open Source Software Vulnerability Rewards Program (OSS VRP) will offer payouts ranging from $101 to $31,337 (a reference to leet, or eleet), Lakshmanan notes. Rewards for vulnerabilities found in “first-tier” projects (e.g., Bazel, Angular, Golang, Protocol Buffers, and Fuchsia) are significantly higher than for those in other tiers.

Check out the complete bug bounty program rules and learn more at HackerNews.
