Google 25L Bug Bounty Programme

Google has announced that it is launching a bug bounty programme for finding flaws in its open-source code.

Researchers will be rewarded for finding bugs that could potentially impact the entire open-source ecosystem through the Google Open-Source Software Vulnerability Rewards Program.

The reward, depending on the severity of the bug, could range from $31,337 to around Rs 25 million.

According to the tech giant, rewards will range from $100 to $31,337 depending on the vulnerability’s severity and the initiative’s importance.

Google announced the bug bounty programme alongside the launch of its Open-Source Software Vulnerability Rewards Program.

Google said that it will award special prizes to researchers who find particularly interesting vulnerabilities, in order to encourage innovation.

The firm stated that its most sensitive projects, Bazel, Angular, Golang, Protocol Buffers, and Fuchsia, will attract the top awards. Google added that it has supported security researchers and bug hunters for over a decade.

The original VRP programme, which rewards those who make Google’s code more secure, is nearing its 12th anniversary.

Google Vulnerability Reward Program

The VRP programme has grown to include Chrome, Android, and other programmes, awarding more than $38 million to over 13,000 submissions.

Repository settings such as GitHub Actions, application configurations, access control rules, and Google software are the linchpins of the firm's recently launched Vulnerability Reward Program.

The security issues affecting the software supply chain are the primary focus of Google’s OSS VRP.

The tech giant advises bug bounty hunters to focus on issues such as weak passwords and insecure installations that could lead to supply chain compromise, product risks caused by design flaws, and security flaws such as exposed credentials.

The tech firm also recommended participants carefully observe the program rules and detailed information on the project.

The official statement said: “Before you start, please see the program rules for more information about out-of-scope projects and vulnerabilities, then get hacking and let us know what you find. If your submission is particularly unusual, we’ll reach out and work with you directly for triaging and response.”

Google is going to recognize the programmers and will thank them officially for their involvement.

In February, Google doubled the amount of money it pays out to those who discover zero-day flaws or exploits targeting the Linux operating system, Kubernetes, Google Kubernetes Engine (GKE), or kCTF.

Google said that the new programme responds to the rise in supply chain compromises. The report says attacks targeting the open-source supply chain were up 650% year on year.

The new open-source bug bounty programme is part of Google's $10 billion commitment to improving cyber security.