Home etc Blogs Google Will Pay For Security Improvements In Open Source Projects

Google Will Pay For Security Improvements In Open Source Projects

0
4873
  • Google will provide monetary support of as much as $30,000 to projects depending on the scope of the project
  • For smaller projects, Google will offer $5,000 to fix security problems

According to a report by Duo, Google is modifying the reward program that offers rewards to open source projects for security improvements. Now, the tech major will provide monetary support in advance for projects that do not have financial resources to do it on their own said the report.

As per the report, the patch reward program is a part of Google’s vulnerability reward program. It pays researchers rewards for discovering and submitting security flaws in certain Google products and services. Google started this program in 2013 to encourage maintainers of open source projects to work on security weaknesses said the report.

As much as $30,000 to projects

The program rewards developers for strengthening certain elements or eliminating vulnerable libraries that are known. The program required developers to submit their fixes to the maintainers of an open source project originally. It would then get submitted to Google and the company would later consider it for a reward as per the report.

Now, Google will provide money up front for some projects that aim to make improvements in security measures but have financial constraints. Starting from January 2020, Google will provide monetary support of as much as $30,000 to projects depending on the scope of the challenge they are working on said the report.

$5,000 for smaller projects

The top end of the support will be reserved for large open source projects that make significant change or bring in new developers. For smaller projects, Google will offer $5,000 to fix security problems like improvements to sand-boxing or patching vulnerabilities

The report said that Jan Keller, technical program manager for security at Google said that starting from 1st January of next year, the company will not only reward proactive security improvements after the work is completed but also complement the program with upfront financial support.

NO COMMENTS

LEAVE A REPLY

Please enter your comment!
Please enter your name here