In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-09-24 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > IT Information >
Share
Shulou(Shulou.com)11/24 Report--
CTOnews.com August 31 news, Google as early as 2010 launched the vulnerability reward program (VRP). As the name suggests, it encourages researchers and cybersecurity experts to detect security problems and vulnerabilities and then report them privately to vendors. After reporting, these errors will be fixed by the company, and those who discover the problem will be rewarded with money. Over the past few years, Google has been working to unify the platform and expand it to more platforms. Now Google has announced another expansion, this time in the open source software (OSS) space.
Google emphasizes that it is one of the largest contributors and maintainers of OSS, with projects such as Golang, Angular and Fuchsia, and understands the need to protect this space. Therefore, its OSS VRP program also aims to encourage dedicated efforts in this regard.
OSS VRP focuses on any OSS code under Google's portfolio. CTOnews.com understands that this includes not only items it maintains, but also any OSS dependencies maintained by other vendors. The two types of OSS covered by this VRP are defined as follows:
All the latest versions of open source software stored in Google-owned public repositories organized by GitHub (including repository settings)
Third-party dependencies of these projects (affected dependencies need to be notified prior to submission to Google's OSS VRP)
The types of submissions Google currently accepts include vendor vulnerabilities, design flaws, and general security issues such as weak or compromised credentials, or insecure deployments. Rewards start at $100 and can go up to $31337, capped at more sensitive items such as Bazel, Angular, Golang, Protocol buffers and Fuchsia.
Google hopes this community-driven collaborative effort will help improve OSS security. The plan is part of a $10 billion cybersecurity investment Google announced a year ago after meeting with the U.S. president. Back in April, Google pledged to support the Open Source Security Foundation's (OpenSSF) package analysis project to detect malicious open source packages.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
The market share of Chrome browser on the desktop has exceeded 70%, and users are complaining about
The world's first 2nm mobile chip: Samsung Exynos 2600 is ready for mass production.According to a r
A US federal judge has ruled that Google can keep its Chrome browser, but it will be prohibited from
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
About us Contact us Product review car news thenatureplanet
More Form oMedia: AutoTimes. Bestcoffee. SL News. Jarebook. Coffee Hunters. Sundaily. Modezone. NNB. Coffee. Game News. FrontStreet. GGAMEN
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
