Google has launched an Open Source Software Vulnerability Rewards Program (OSS VRP) and will award up to $31,337 to researchers who spot vulnerabilities in the company’s Open Source projects.
Google said rewards will range from $100 to $31,337 depending on the severity of the vulnerability and the project’s importance. The larger amounts will also go to unusual or particularly interesting vulnerabilities, said Google.
As the maintainer of major projects such as Golang, Angular, and Fuchsia, Google is among the largest contributors and users of open source in the world.
Last year, Google saw a 650 percent increase in attacks targeting the open source supply chain.
Over time, Google’s VRP lineup has expanded to include programs focused on Chrome, Android, and other areas. Collectively, these programs have rewarded more than 13,000 submissions, totalling over $38 million paid, Google said in a statement.
Google said its OSS VRP is part of its $10 billion commitment to improving cybersecurity, including securing the supply chain against these types of attacks for both Google’s users and open source consumers worldwide.