
Google offers “leet” cash prizes for updates to Linux and other OS software

Google is offering rewards as high as $3,133.70 for software updates that improve the security of OpenSSL, OpenSSH, BIND, and several other open-source packages that are critical to the stability of the Internet.

The program announced Wednesday expands on Google’s current bug-bounty program, which pays from $500 to $3,133.70 to people who privately report bugs found in the company’s software and Web properties. Security researchers inside the company considered modifying the program to reward bug reports in open-source software, but eventually decided against that approach. The reason: bug bounty programs often invite a flood of reports of varying quality that can overwhelm the finite resources of open-source developers. What’s more, it’s frequently much harder to patch a vulnerability than merely to find it.

“So we decided to try something new: provide financial incentives for down-to-earth, proactive improvements that go beyond merely fixing a known security bug,” Michal Zalewski, a member of the Google security team, wrote in a blog post. “Whether you want to switch to a more secure allocator, to add privilege separation, to clean up a bunch of sketchy calls to strcat(), or even just enable ASLR—we want to help.”




Permalink: http://2hei.net/custom-id-google-offers-leet-cash-prizes-for-updates-to-linux-and-other-os-softwarewed-09-oct-2013-165250-0700.html | 2hei's site

This post was published by 2hei on October 9, 2013, in the OpenSource category.
