1 min read

Google to Offer Advance Payments in Patch Rewards Program

Silviu STAHIE

December 19, 2019

Google to Offer Advance Payments in Patch Rewards Program

Google says it plans to be more proactive in its bug and vulnerability hunting and is now offering money before patch work is completed, as opposed to after the fact.

Security needs to be a proactive enterprise, which usually means that companies such as Google have to fund bug-hunting programs so that they know about the problems before they can cause a problem. The Patch Rewards program for third-party open-source projects is a good example, and, until now, it worked by rewarding developers for discovering vulnerabilities and other issues.

One change Google is implementing in the Patch Rewards program is to make it proactive. More precisely, it will pay the developers of third-party open-source programs for security improvements.

“We”re not only going to reward proactive security improvements after the work is completed, but we will also complement the program with upfront financial support to provide an additional resource for open source developers to prioritize security work,” said Google”s Jan Keller, Technical Program Manager.

“For example, if you are a small open source project and you want to improve security, but don”t have the necessary resources, this new reward can help you acquire additional development capacity.”

For now, Google is offering two support levels. The smaller one, of $5,000, is meant as an incentive for fixing vulnerabilities identified in open source software by bug bounty programs such as EU-FOSSA 2.

The second tier is much bigger, at up to $30,000, and is aimed at large projects that need to invest in hiring new developers or add new security features.

The money will be attributed after a short nominalization process and after the projects submit their plans for strengthening security. The regular Patch Rewards program will continue unabated, with the current changes working only as an addendum.

tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands
Graham CLULEY

July 23, 2021

3 min read
Homoglyph domains used in BEC scams shut down by Microsoft Homoglyph domains used in BEC scams shut down by Microsoft
Graham CLULEY

July 22, 2021

3 min read
China Sets Up New Worrying Vulnerability Disclosure Rules China Sets Up New Worrying Vulnerability Disclosure Rules
Silviu STAHIE

July 20, 2021

1 min read