Google extends its vulnerability reward program

Rewards for people's tech know-how range from $500 to over $3000


Published October 10, 2013 2:57PM (EDT)

Google has announced that it is to offer a financial carrot to developers who manage to improve the security of open-source software. That means not just spotting a bug in key third-party software "critical to the health of the entire Internet" but also fixing it. The firm, which signed an open-source patent pledge earlier this year, said that it decided against a basic bug-hunting program, as "bug bounties invite a significant volume of spurious traffic – enough to completely overwhelm a small community of volunteers. On top of this, fixing a problem often requires more effort than finding it."

The rewards range from $500 to just over $3,000, for people to use their tech know-how on existing open-source projects. The list of what Google wants to tackle is here, but it emphasised that more areas would be up for grabs soon.

Open-source software is everywhere. Almost four years ago, both the DoD and the White House put Drupal to work as the CMS on their website. President Obama's then tech czar (in fact, the U.S. Government's first ever CIO) Vivek Kundra allowed developers to work on its custom code three years ago.

Facebook has embraced it in its Open Computer project, which uses the concept on the hardware in its data centers. The New Yorker has an open-source tip tool, and there's even an open-source, hands-free vibrator, for those of you who like to, well, vibrate.


