"Google Launches New Open-Source Software Vulnerability Rewards Program (OSS VRP)"

The Open-Source Software Vulnerability Rewards Program (OSS VRP) is a new initiative launched by Google that focuses on the company's open-source projects. Depending on the severity of the vulnerability, the company is offering rewards ranging from $100 to $31,337. Google says that it has already paid out more than $38 million in compensation for vulnerabilities discovered in products such as Chrome and Android. According to the company, the launch of this new program responds to the growing number of supply chain compromises. The higher OSS VRP payouts are reserved for the most sensitive projects, according to Google. By this, the company means Bazel, Angular, Golang, Protocol buffers, and Fuchsia, though the list is growing. To focus efforts on findings that could have the most significant impact on the supply chain, Google welcomes submissions of vulnerabilities that lead to supply chain compromise, design issues that cause product vulnerabilities, and other security issues such as sensitive or leaked credentials, weak passwords, or insecure installations. This article continues to discuss the launch and focus of Google's OSS VRP.

BetaNews reports "Google Launches New Open-Source Software Vulnerability Rewards Program (OSS VRP)"
