Approximately six weeks ago, Google launched a new program it was calling the Patch Reward Program. The program encourages coders to take a proactive approach to improve “third-party” software that Google believes is key to the health of the Internet. According to Google:
“The goal is very simple: to recognize and reward proactive security improvements to third-party open-source projects that are vital to the health of the entire Internet.”
If an improvement is accepted by Google, they offer a financial incentive ranging from $500 to $3,133.70. The program originally launched with the following project types eligible:
- Services that are considered core infrastructure network services like OpenSSH, BIND, and ISC DHCP;
- Image parsers that are part of the core infrastructure like libjpeg, libjpeg-turbo, libpng, and giflib;
- Open-source foundation packages that are part of Google Chrome like Chromium and Blink;
- Libraries that are considered “high-impact” like OpenSSL and zlib;
- Commonly used, security critical components of the Linux kernel, including KVM.
With today’s announcement, Google has expanded the program to include:
- Open source components of Android, including the Android Open Source Project (AOSP);
- Web servers like Apache httpd, lighttpd, and nginx;
- Mail services like Sendmail, Postfix, Exim and Dovecot;
- The OpenVPN virtual private networking platform;
- The University of Delaware NTPD network time package;
- Some core libraries used in Mozilla NSS and libxml2;
- Toolchain security improvements that are part of GCC, binutils, and llvm.
You may note that even though Google originally intended the program to target “third-party” projects, the inclusion of Android indicates that could include in-house projects.
Google has said in the past that it would gradually add more project types over time, so other packages could become eligible in the future.
source: TheNextWeb
Come comment on this article: Google’s Patch Reward Program adds numerous open source software projects
Powered by WPeMatico