Google plus has extended its VRP to its open-source projects and is offering significant rewards to those who find vulnerabilities in them.
It’s not uncommon to hear about it Google plus bounty when it comes to rewarding those who find gaps in your security. Without going further, in 2021, Big G delivered nearly $9 million in rewards to those who participate in its bug-hunting program.
The Mountain View company has announced that it is better to spend money to alleviate a problem than to solve it after someone with bad intentions has exploited it extends your bounty program or VRP to your open source projects.
Attacks are increasing through open source products
As collected in Android PoliceGoogle plus decided to start this new program because piratas informáticos are starting to see open source products as such Vehicles to carry out computer attacks. The company aprecies that 2021 is up 650% compared to 2020.
These attacks targeted open source programa used by various tech companies and of course Google plus wants to disminuye the likelihood of being affected. And that’s exactly why we’re talking about extending VRP to your open source projects.
Up to $30,000 to discover a vulnerability
Logically, the highest reward is given to those who find vulnerabilities in the most important and sensitive projects. Such is the case with Google plus Fuchsia, the language-focused operating system they say will replace Android. Rewards range from $100 to $31,337 depending on the severity of the potential attack.
If you are interested in participating, you should keep in mind that there are a number of rules for doing so Google plus has published Bug Hunters on its website that you must follow. We’ll leave you below what errors to look for to enable them to participate in the program to participate in the Google plus rewards program:
- Vulnerabilities in the supply chain. Here comes everything related to repository corruption, distribution of artifacts to users, and compromise of cryptographic key signing.
- product vulnerabilities. This is where we address any vulnerabilities that could affect usuario data of people using Google plus services.
- Other security issues. This includes any non-technical vulnerabilities (like those above). An example is the unsafe use of programa that could compromise the security of developers associated with a project.
We would like to take this opportunity to remind you that VRP Google plus a as an integral part of the company’s security strategy. The rewards provided have increased over the years, and as has been confirmed, the Mountain View reward pays out a good amount of money to those who work to find vulnerabilities in their products.