Google Open Project Vulnerability Bounty Initiative

Google has introduced OSS VRP (Open Source Software Vulnerability Rewards Program), a new initiative that pays cash rewards for identifying security issues in the open source projects Bazel, Angular, Go, Protocol Buffers and Fuchsia, as well as in projects developed in Google repositories on GitHub (Google, GoogleAPIs, GoogleCloudPlatform, etc.) and their dependencies.

The new initiative complements existing bounty programs that cover projects such as the Linux kernel, Chrome, Chrome OS, Android, and Kubernetes. It is noted that over the 12 years such programs have existed, Google has paid $38 million in rewards for the discovery of more than 13 thousand vulnerabilities. Rewards range from $100 to $31337, depending on the severity of the vulnerability and the importance of the project. For particularly interesting vulnerabilities, the payout can be increased.

Source: opennet.ru
