Google has expanded its Patch Reward program to pay users that discover vulnerability in Android.
Google launched its Patch program in October 2013. At launch, it included the following project types:
Google intend to soon extend the program to:
According to the patch rewards guidelines, submit your all the relevant details to security-patches@google.com. Patch reward can ranging form $500 to $3133.70 amount may be higher based on the complexity and impact of the patch.
Source: Patch Reward Guidelines, Google Online Security
According to Google, “Whether you want to switch to a more secure allocator, to add privilege separation, to clean up a bunch of sketchy calls to strcat(), or even just to enable ASLR – we want to help!”Recommended Read: Browse and Edit Your file on Your Android Device
Google launched its Patch program in October 2013. At launch, it included the following project types:
- Core infrastructure network services: OpenSSH, BIND, ISC DHCP
- Core infrastructure image parsers: libjpeg, libjpeg-turbo, libpng, giflib
- Open-source foundations of Google Chrome: Chromium, Blink
- Other high-impact libraries: OpenSSL, zlib
- Security-critical, commonly used components of the Linux kernel (including KVM)
Google intend to soon extend the program to:
- Widely used web servers: Apache httpd, lighttpd, nginx
- Popular SMTP services: Sendmail, Postfix, Exim
- Toolchain security improvements for GCC, binutils, and llvm
- Virtual private networking: OpenVPN
We started with a fairly conservative scope, but said we would expand the program soon. Today, we are adding the following to the list of projects that are eligible for rewards:
- All the open-source components of Android: Android Open Source Project
- Widely used web servers: Apache httpd, lighttpd, nginx
- Popular mail delivery services: Sendmail, Postfix, Exim, Dovecot
- Virtual private networking: OpenVPN
- Network time: University of Delaware NTPD
- Additional core libraries: Mozilla NSS, libxml2
- Toolchain security improvements for GCC, binutils, and llvm
How to Participate?
According to the patch rewards guidelines, submit your all the relevant details to security-patches@google.com. Patch reward can ranging form $500 to $3133.70 amount may be higher based on the complexity and impact of the patch.
Source: Patch Reward Guidelines, Google Online Security