SOFTWARE DEVELOPER Google has announced that it is extending the scope of its recently launched Patch Rewards Programme to encompass more types of software, including Android.
Launched last month, the programme offers rewards to software developers who not only find vulnerabilities in open source code but also design and submit patches for future builds.
The announcement was made by Michal Zalewski of the Google Security Team on Google's Internet Security Blog. Now ripe for bounty hunting is all code relating to Android and the Android Open Source Project, Apache httpd, lighttpd, nginx, Sendmail, Postfix, Exim, Dovecot, OpenVPN, University of Delaware NTPD, Mozilla NSS, libxml2, GCC, binutils, and llvm.
Rewards can range from $500 to the mad skillz $3,133.70 based on a decision made by a panel of Google developeres, however they can veto this and offer higher rewards for particularly important work, or divide it between a number of developers who work on a specific project.
Although this might seem like a philanthropic gesture on Google's part, the potential cost savings for the internet giant are huge, with staff free to work on other projects than spending time in reactively patching problems as they arise in code that is vital to Google's systems.
That is not to say, however, that this is not a great opportunity, and Google can hope that it will spur software developers to help make the internet a safer place. µ