Google To Reward Devs For Open-Source Security Fixes


Google Inc (NASDAQ:GOOG) has decided to reward developers for proactive security improvements to some of the most popular open-source software programs. According to Michal Zalewski of Google’s Security Team, the main objective of the program is to “improve the security of key third-party software critical to the health of the entire Internet.” He said that rewards will range from $500 to $3,133.70.

Reward is first of its kind

Google Inc (NASDAQ:GOOG) said that it has decided to do something new and described the reasoning behind the program: “Quite a few vulnerabilities trace back to preventable coding mistakes, or are made easier to exploit due to the absence of simple mitigation techniques. We are hoping to address this to some extent.”

According to the program’s rules, Google is looking for improvements such as privilege separation, memory allocator hardening, cleanups of integer arithmetic, and fixes for race conditions.

Generally, open-source software projects are built by unpaid volunteers, but many companies have built their core business around open source, so they hire full-time employees to contribute code.

By starting to reward contributors, Google Inc (NASDAQ:GOOG) has added a monetary reward to work that was otherwise done by volunteers out of interest and dedication. At present, Google runs a vulnerability reward program, but it only applies to its own products.

Software covered by Google’s program

Google Inc (NASDAQ:GOOG) has collected numerous popular open-source programs and code libraries used in networking, image parsing and security, and it will be a tough task to select the companies or organizations that can be rewarded for their work.

The programs expected to be eligible for the reward are OpenSSH, OpenSSL, BIND and image parsers such as libjpeg and libpng. Other programs include common components of the Linux kernel, such as the Kernel-based Virtual Machine, along with the open-source foundations of Google Chrome, apart from the Chromium browser and its Blink rendering engine.

The reward program will cover Web servers like Apache and nginx, SMTP services such as Sendmail and Postfix and VPN software such as OpenVPN, among others.

Programmers should send fixes and improvements directly to the project maintainers, and if the code is accepted into a project’s repository, the details should then be sent to [email protected].
