Google rolls out its bug bounty program
Posted by: Timothy Weaver on 10/09/2013 03:48 PM
Google is rolling out its Vulnerability Reward Program.
They plan to provide financial incentives for down-to-earth, proactive improvements that go beyond merely fixing a known security bug.
They intend to roll out the program gradually, based on the quality of the received submissions and the feedback from the developer community. For the initial run, they decided to limit the scope to the following projects:
• Core infrastructure network services: OpenSSH, BIND, ISC DHCP
• Core infrastructure image parsers: libjpeg, libjpeg-turbo, libpng, giflib
• Open-source foundations of Google Chrome: Chromium, Blink
• Other high-impact libraries: OpenSSL, zlib
• Security-critical, commonly used components of the Linux kernel (including KVM)
They intend to soon extend the program to:
• Widely used web servers: Apache httpd, lighttpd, nginx
• Popular SMTP services: Sendmail, Postfix, Exim
• Toolchain security improvements for GCC, binutils, and llvm
• Virtual private networking: OpenVPN
You can submit your patches directly to the maintainers of the individual projects. Once your patch is accepted and merged into the repository, please send all the relevant details to security-patches@google.com.