LinuxQuestions.org


jeremy 10-10-2013 12:33 PM

Google offers “leet” cash prizes for updates to Linux and other OS software
 
Quote:

Rewards designed to improve security of software critical to Internet's health.

Google is offering rewards as high as $3,133.70 for software updates that improve the security of OpenSSL, OpenSSH, BIND, and several other open-source packages that are critical to the stability of the Internet.

The program announced Wednesday expands on Google's current bug-bounty program, which pays from $500 to $3,133.70 to people who privately report bugs found in the company's software and Web properties. Security researchers inside the company considered modifying the program to reward bug reports in open-source software, but eventually decided against that approach. The reason: bug bounty programs often invite a flood of reports of varying quality that can overwhelm the finite resources of open-source developers. What's more, it's frequently much harder to patch a vulnerability than merely to find it.

"So we decided to try something new: provide financial incentives for down-to-earth, proactive improvements that go beyond merely fixing a known security bug," Michal Zalewski, a member of the Google security team, wrote in a blog post. "Whether you want to switch to a more secure allocator, to add privilege separation, to clean up a bunch of sketchy calls to strcat(), or even just enable ASLR—we want to help."

Beginning immediately, the program will offer rewards between $500 and $3,133.70 for security improvements to core infrastructure network services such as OpenSSH, BIND, and ISC DHCP; image parsers such as libjpeg and libjpeg-turbo; the open-source foundations of Google Chrome; the high-impact code libraries OpenSSL and zlib; and security-critical, commonly used components of the Linux operating system kernel. Eventually, Google will pay for fixes to other open-source programs, including the Apache Web server, Sendmail e-mail service, and the OpenVPN virtual private networking app.
More at Ars...

--jeremy

