Google will pay open source vulnerability finders
Posted on: 10/10/2013 12:24 PM

Google is going to start paying the security community for discovering open source software vulnerabilities and will pay bug bounty rewards up to $3,133.7

Google will pay open source vulnerability finders


From The Inquirer:
"So we decided to try something new: provide financial incentives for down-to-earth, proactive improvements that go beyond merely fixing a known security bug. Whether you want to switch to a more secure allocator, to add privilege separation, to clean up a bunch of sketchy calls to strcat(), or even just to enable ASLR - we want to help."

Five types of disclosure will be accepted immediately. These include those that affect "Core infrastructure network services" like OpenSSH, BIND, and ISC DHCP, and "high impact" libraries like OpenSSL.



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/google_will_pay_open_source_vulnerability_finders.html)