Besides rewarding ethical hackers from its pocket for responsibly reporting vulnerabilities in third-party open-source projects, Google today announced financial support for open source developers to help them arrange additional resources, prioritizing the security of their products.
The initiative, called “Patch Rewards Program,” was launched nearly 6 years ago, under which Google rewards hackers for reporting severe flaws in many widely used open source software, including OpenSSH, OpenSSL, Linux kernel, Apache, Nginx, jQuery, and OpenVPN.
So far, Google has paid hundreds of thousands of dollars as bounty to hackers across the world who helped improve the overall security of many crucial open source software and technologies that power the Internet, operating systems, and networks.
The company has now also decided to motivate volunteer work done by the open source community by providing upfront financial help to project teams, using which they can acquire additional development capacity.
The support is available for both small teams ($5,000) as well as for a large team ($30,000) of developers.
In a blog post published today, Google itself described that small teams could get the amount as a reward for fixing a small number of security issues.
Whereas, large open source teams need to use the funds to heavily invest in security, like providing support to find additional developers, or implementing significant new security features.
If you run any open source project or want to support any other open-source project, you can nominate it for support from Google by filling out https://goo.gle/patchz-nomination.
images from Hacker News