Google Extends Its Vulnerability Reward Program To Open-Source Software

Google: Saving the Internet one patch at a time. Developers: Earn anywhere from $500 to $3,133 for your efforts.

Google will now offer a financial carrot to developers who manage to improve the security of open-source software. That means not just spotting a bug in key third-party software "critical to the health of the entire Internet," but also fixing it. The firm, which signed an open-source patent pledge earlier this year, said it decided against a basic bug-hunting program, because "bug bounties invite a significant volume of spurious traffic--enough to completely overwhelm a small community of volunteers. On top of this, fixing a problem often requires more effort than finding it."

The rewards range from $500 to just over $3,000 for people to use their tech know-how on existing open-source projects. The list of what Google wants to tackle is here, but it emphasized that more areas would be up for grabs soon.

Open-source software is everywhere. Almost four years ago, both the Department of Defense and the White House put Drupal to work as their websites' CMS. President Obama's then-tech czar--in fact, the U.S. government's first ever CIO--Vivek Kundra, allowed developers to work on its custom code three years ago.

Facebook has also embraced it in its Open Computer project, which uses the concept on the hardware in its data centers. The New Yorker has an open-source tip tool, and there's even an open-source, hands-free vibrator, for those of you who like to, well, vibrate.

[Image: Flickr user GoldScotland71]
