Google Extends Patch Reward
Written by Andrew Johnson   
Tuesday, 19 November 2013

Google's Patch Reward Program, launched last month with cash up to $3,133.70 on offer for contributing security improvements to open source software, has been extended, and the Android Open Source Project is the surprise inclusion.

The Patch Reward Program doesn't just ask hackers to find bugs. As explained when it was initially launched in October 2013, it is looking for "proactive improvements that go beyond merely fixing a known security bug", and hackers who come up with significant patches can expect substantial amounts of cash, awarded at the discretion of the reward panel.

If you are puzzled by the sum chosen for the top payout, it spells "eleet" in leetspeak, the alphabet that uses combinations of ASCII characters to replace letters. In Leet, 3 stands for e, 1 for l and 7 for t. In its existing Vulnerability Reward Program, Google frequently uses rewards of $1,337, i.e. "leet", a term that means "formidable prowess or accomplishment", particularly in hacking.

The overall goal of the Patch Reward Scheme is to:

improve the security of key third-party software critical to the health of the entire Internet. 

When introduced, the program was restricted to a few core infrastructure projects, with the idea of rolling it out gradually based on the quality of the submissions it received. There hasn't been any feedback as yet on the response received, but the Google Security Team has already widened its scope, adding the following:

  • Widely used web servers: Apache httpd, lighttpd, nginx

  • Popular mail delivery services: Sendmail, Postfix, Exim, Dovecot

  • Toolchain security improvements for GCC, binutils, and llvm

  • Virtual private networking: OpenVPN

  • All the open-source components of Android: Android Open Source Project

  • Network time: University of Delaware NTPD

  • Additional core libraries: Mozilla NSS, libxml2

This expansion goes beyond what was suggested in the original announcement, in which only the top four were mentioned. The additional core libraries extend the initial list of OpenSSL and zlib, and supporting network time seems a logical extension.

The inclusion of Android is, however, unexpected. Although open source, it isn't normally considered "third-party" and, as a mobile technology, it's not normally considered to be critical to the functioning of the Internet.

For developers, however, the increased scope of the rewards program has to be good news, providing more opportunities for earning cash rewards that could mount up to a decent extra income while at the same time doing something useful for the entire community.


Last Updated ( Tuesday, 19 November 2013 )
 
 

   