IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Google extends open source bug bounty programme to Android and Apache

Search giant makes good on promise to open up scheme to wider range of open source projects.

Android robot

Google has extended the scope of its recently launched open source bug bounty programme to include the Android mobile operating system.

The internet giant announced the launch of its Vulnerability Rewards Programme last month, which offers rewards of between $500 and $3,133.7 for anyone who roots out security holes in one of a dozen open source projects.

As reported by IT Pro at the time, the company said the scheme would eventually cover a wider range of open source projects, and the company made good on its promise in a blog post this week.

"The goal is very simple: to recognise and reward proactive security investments to third-party open source projects that are vital to the health of the entire internet," said Michal Zalewski from the Google Security Team.

"We started with a fairly conservative scope, but said we would expand the programme soon."

As such, it now covers the open source components of Android, Zalewski revealed, as well as web servers Apache httpd, lighttpd and nginx, and mail delivery services including Sendmail, Postfix, Exim and Dovecot.

A full list of all the new inclusions can be found here.

Google's decision to widen the range of projects covered by its reward programme comes at a time when several other tech giants have made moves to improve their response to vulnerability reports.

Internet giant Yahoo came under fire last month for rewarding security researchers for finding flaws in its products with money-off vouchers for its online corporate store. Several days later, the firm ushered in a reworked programme offering researchers up to $15,000 for uncovering issues.

Meanwhile, Facebook found itself on the receiving end of a barrage of abuse in August after declining to reward a researcher who uncovered a bug that could have allowed site users to post messages on the timeline of people they weren't even friends with.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Google reveals new office in Atlanta and $1 million in funding for local communities
Careers & training

Google reveals new office in Atlanta and $1 million in funding for local communities

28 Jul 2022
Hackers hiding malicious links in top Google search results, researchers warn
malware

Hackers hiding malicious links in top Google search results, researchers warn

21 Jul 2022
Gmail vs Outlook.com: Which one is better?
email providers

Gmail vs Outlook.com: Which one is better?

13 Jul 2022
Google backs Thales' public cloud services firm
public cloud

Google backs Thales' public cloud services firm

30 Jun 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Samsung proposes 11 Texas semiconductor plants worth $191 billion
Hardware

Samsung proposes 11 Texas semiconductor plants worth $191 billion

21 Jul 2022
Should you take your password manager off the internet?
Sponsored

Should you take your password manager off the internet?

28 Jul 2022