Besides rewarding ethical hackers from its pocket for responsibly reporting vulnerabilities in third-party open-source projects, Google today announced financial support for open source developers to help them arrange additional resources, prioritizing the security of their products.
The initiative, called “Patch Rewards Program,” was launched nearly 6 years ago, under which Google rewards hackers for reporting severe flaws in many widely used open source software, including OpenSSH, OpenSSL, Linux kernel, Apache, Nginx, jQuery, and OpenVPN.
So far, Google has paid hundreds of thousands of dollars as bounty to hackers across the world who helped improve the overall security of many crucial open source software and technologies that power the Internet, operating systems, and networks.
The company has now also decided to motivate volunteer work done by the open source community by providing upfront financial help to project teams, using which they can acquire additional development capacity.
The support is available for both small teams ($5,000) as well as for a large team ($30,000) of developers.
In a blog post published today, Google itself described that small teams could get the amount as a reward for fixing a small number of security issues.
Whereas, large open source teams need to use the funds to heavily invest in security, like providing support to find additional developers, or implementing significant new security features.
If you run any open source project or want to support any other open-source project, you can nominate it for support from Google by filling out https://goo.gle/patchz-nomination.
“Any open source project can be nominated for support. When selecting projects, the panel will put an emphasis on projects that either are vital to the health of the Internet or are end-user projects with a large user base,” Google says.
“Our Patch Reward Panel will review submissions on a monthly basis and select a number of projects that meet the program criteria.”
You can find more details on the Patch Rewards Program here, including the list of projects, types of acceptable vulnerabilities, and rewards for qualifying submissions, which ranges from $500 to $20,000.