Google extends open source bug bounty programme to Android and Apache
Search giant makes good on promise to open up scheme to wider range of open source projects.
Google has extended the scope of its recently launched open source bug bounty programme to include the Android mobile operating system.
The internet giant announced the launch of its Vulnerability Rewards Programme last month, which offers rewards of between $500 and $3,133.7 for anyone who roots out security holes in one of a dozen open source projects.
As reported by IT Pro at the time, the company said the scheme would eventually cover a wider range of open source projects, and the company made good on its promise in a blog post this week.
"The goal is very simple: to recognise and reward proactive security investments to third-party open source projects that are vital to the health of the entire internet," said Michal Zalewski from the Google Security Team.
"We started with a fairly conservative scope, but said we would expand the programme soon."
As such, it now covers the open source components of Android, Zalewski revealed, as well as web servers Apache httpd, lighttpd and nginx, and mail delivery services including Sendmail, Postfix, Exim and Dovecot.
A full list of all the new inclusions can be found here.
Google's decision to widen the range of projects covered by its reward programme comes at a time when several other tech giants have made moves to improve their response to vulnerability reports.
Internet giant Yahoo came under fire last month for rewarding security researchers for finding flaws in its products with money-off vouchers for its online corporate store. Several days later, the firm ushered in a reworked programme offering researchers up to $15,000 for uncovering issues.
Meanwhile, Facebook found itself on the receiving end of a barrage of abuse in August after declining to reward a researcher who uncovered a bug that could have allowed site users to post messages on the timeline of people they weren't even friends with.
The ultimate law enforcement agency guide to going mobile
Best practices for implementing a mobile device programFree download
The business value of Red Hat OpenShift
Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShiftFree download
Managing security and risk across the IT supply chain: A practical approach
Best practices for IT supply chain securityFree download
Digital remote monitoring and dispatch services’ impact on edge computing and data centres
Seven trends redefining remote monitoring and field service dispatch service requirementsFree download