Tech giant Google introduces a reward system for identifying open source software security weaknesses
In a bid to enhance the security of open source software, Google has announced the launch of its new Open Source Software Vulnerability Rewards Program (OSS VRP). This program is a response to a significant increase in supply chain attacks aimed at open source, as evidenced by incidents like Codecov and Log4Shell.
Since Google's existing Vulnerability Rewards Program began, the company has paid out more than $38 million across over 13,000 submissions. The new OSS VRP is part of Google's ongoing effort to improve open source security, with the company having spent over $7.5 million on that effort in the past year alone.
Francis Perron, open source security technical program manager at Google, stated that the new scope of the VRP emphasizes the importance of rewarding security research in the open source ecosystem and the importance of vulnerability disclosure in open source. The program focuses on vulnerabilities leading to supply chain compromise, design issues that lead to product vulnerabilities, and sensitive security issues.
The rewards offered by the OSS VRP range from $100 to $31,337, depending on the severity of the vulnerability and the importance of the affected project. The top rewards are reserved for vulnerabilities found in the most sensitive projects, which include Bazel, Angular, Golang, Protocol Buffers, and Fuchsia. Google, one of the largest contributors to open source, maintains projects such as Golang, Angular, and Fuchsia.
The new OSS VRP covers up-to-date versions of open source software, including repository settings, stored in the public repositories of Google-owned GitHub organizations. Google plans to expand the list of sensitive projects after an initial rollout period.
Google is not alone in this endeavour. The company is one of several major technology firms that have pushed the White House to help improve the security of open source software. The OSS VRP is Google's latest initiative to address the growing concern over the security of open source software and to encourage responsible disclosure of vulnerabilities.
As the use of open source software continues to grow, so does the need for robust security measures. With the launch of the OSS VRP, Google is taking a significant step towards ensuring the security of open source software, thereby protecting the millions of users who rely on it every day.