The Inquirer-Home

Google offers bug bounties for Android patches

More open source software qualifies
Tue Nov 19 2013, 16:42

SOFTWARE DEVELOPER Google has announced that it is extending the scope of its recently launched Patch Rewards Programme to encompass more types of software, including Android.

Launched last month, the programme offers rewards to software developers who not only find vulnerabilities in open source code but also design and submit patches for future builds.

The announcement was made by Michal Zalewski of the Google Security Team on Google's Internet Security Blog. Now ripe for bounty hunting is all code relating to Android and the Android Open Source Project, Apache httpd, lighttpd, nginx, Sendmail, Postfix, Exim, Dovecot, OpenVPN, University of Delaware NTPD, Mozilla NSS, libxml2, GCC, binutils, and llvm.

Rewards can range from $500 to the mad skillz $3,133.70 based on a decision made by a panel of Google developeres, however they can veto this and offer higher rewards for particularly important work, or divide it between a number of developers who work on a specific project.

Although this might seem like a philanthropic gesture on Google's part, the potential cost savings for the internet giant are huge, with staff free to work on other projects than spending time in reactively patching problems as they arise in code that is vital to Google's systems.

That is not to say, however, that this is not a great opportunity, and Google can hope that it will spur software developers to help make the internet a safer place. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015