Google to pay up to Rs 25 lakh to find ‘flaws’ in these open source platforms – Times of India

Bug bounties are something that almost every big tech company offers. Be it Apple, Google, Microsoft, Meta or Amazon, you name it and there are multiple bug bounty programmes on offer. Google has now announced a new bug bounty program. Before we delve into what Google’s latest bug bounty program is all about, let’s briefly explain what bug bounty programs are.


What are bug bounty programs?

Simply put, a bug bounty is a monetary reward that is given to security researchers or ethical hackers for finding vulnerabilities or security flaws in apps, services or operating systems. It helps companies discover certain bugs that might have been missed before any software or app is rolled out.

What is Google’s latest bug bounty program?

In a blog post, Google said that it is launching Google’s Open Source Software Vulnerability Rewards Program (OSS VRP) to reward discoveries of vulnerabilities in Google’s open-source projects. “With the addition of Google’s OSS VRP to our family of Vulnerability Reward Programs (VRPs), researchers can now be rewarded for finding bugs that could potentially impact the entire open source ecosystem,” said Google in the blog post. The bug bounty program is for open-source projects like Fuchsia, Golang, and Angular among others.


What is the amount Google will pay to those who find bugs?

Depending on the severity of the vulnerability and the project’s importance, rewards will range from $100 (close to Rs 8,000) to $31,337 (close to Rs 25 lakh). “The larger amounts will also go to unusual or particularly interesting vulnerabilities, so creativity is encouraged,” said Google in the blog post.


How much money has Google paid bounty hunters so far?

Google said that through its existing bug bounty programs, it has rewarded bug hunters from over 84 countries. “Collectively, these programs have rewarded more than 13,000 submissions, totalling over $38M paid,” added Google.