The world’s largest technology corporation, Google, has started a new bug bounty program in which it will pay up to $31,337 (about Rs 25 lakh) to researchers who discover errors in its open source projects. The recently unveiled Vulnerability Rewards Program (VRP), which will concentrate on Google software and repository settings like GitHub activities, application setup, and access control rules, was just disclosed.
The business stated that those who discover defects in open source software will receive rewards ranging from $ 101 to $ 31,337, or roughly Rs 8,031 to Rs 24,92,403, based on the severity of the vulnerability and the value of the product. The top prize, according to the business, will be given to someone who finds bugs in important programs like Golang, Angular, and Fuchsia.
Attack on open source supply chain
Google manages significant projects like Golang, Angular, and Fuchsia and is one of the top donors and consumers of open source in the world. Attacks on the open source distribution network increased by 650 percent year over year last year, according to Google. Through VRP, researchers can now receive compensation for discovering defects that could potentially harm the entire open source ecosystem. can impact.
One of the world’s first programs
In a statement, Google said that VRP was among the first such programs ever created and that its 12th birthday is quickly approaching. Our VRP assortment has grown over time to include apps targeted toward Chrome, Android, and other platforms, the business added. In total, these programs have awarded more than 13,000 applications for more than $38 million.