Google extends open source bug bounty programme to Android and Apache

Search giant makes good on promise to open up scheme to wider range of open source projects.

Android robot

Google has extended the scope of its recently launched open source bug bounty programme to include the Android mobile operating system.

The internet giant announced the launch of its Vulnerability Rewards Programme last month, which offers rewards of between $500 and $3,133.7 for anyone who roots out security holes in one of a dozen open source projects.

As reported by IT Pro at the time, the company said the scheme would eventually cover a wider range of open source projects, and the company made good on its promise in a blog post this week.

"The goal is very simple: to recognise and reward proactive security investments to third-party open source projects that are vital to the health of the entire internet," said Michal Zalewski from the Google Security Team.

"We started with a fairly conservative scope, but said we would expand the programme soon."

As such, it now covers the open source components of Android, Zalewski revealed, as well as web servers Apache httpd, lighttpd and nginx, and mail delivery services including Sendmail, Postfix, Exim and Dovecot.

A full list of all the new inclusions can be found here.

Google's decision to widen the range of projects covered by its reward programme comes at a time when several other tech giants have made moves to improve their response to vulnerability reports.

Internet giant Yahoo came under fire last month for rewarding security researchers for finding flaws in its products with money-off vouchers for its online corporate store. Several days later, the firm ushered in a reworked programme offering researchers up to $15,000 for uncovering issues.

Meanwhile, Facebook found itself on the receiving end of a barrage of abuse in August after declining to reward a researcher who uncovered a bug that could have allowed site users to post messages on the timeline of people they weren't even friends with.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Iranian hacking group continues to target US citizens
hacking

Iranian hacking group continues to target US citizens

18 Oct 2021
Ennoconn and Google Cloud enter a strategic alliance
Cloud

Ennoconn and Google Cloud enter a strategic alliance

14 Oct 2021
Google Workspace adds Jira and AppSheet integrations
collaboration

Google Workspace adds Jira and AppSheet integrations

13 Oct 2021
Google Cloud reveals edge-focused Distributed Cloud portfolio
cloud computing

Google Cloud reveals edge-focused Distributed Cloud portfolio

13 Oct 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021
Veritas Backup Exec 21.3 review: Covers every angle
backup software

Veritas Backup Exec 21.3 review: Covers every angle

14 Oct 2021