December 22, 2014

Google paying bounties for finding security holes in Android


Google has expanded its Patch Reward Program and will now reward those who help fix flaws in Android’s code.

Google is now offering bounties to those who find security holes in Android’s code. As explained in a post on the Google Online Security blog, the Patch Reward Program has expanded to include the Android mobile platform.

Those who find, patch, and report the vulnerabilities can earn anywhere from a few hundred dollars ($500) up to thousands of dollars ($3,133.70). In some cases, Google will go considerably further and dole out bigger rewards. Heck, just last week someone going by the handle of Pinkie Pie netted themselves $50,000 for helping bring attention to a security hole in Chromium.

About a month ago, we kicked off our Patch Reward Program. The goal is very simple: to recognize and reward proactive security improvements to third-party open-source projects that are vital to the health of the entire Internet. We started with a fairly conservative scope, but said we would expand the program soon. Today, we are adding the following to the list of projects that are eligible for rewards:

  • All the open-source components of Android: Android Open Source Project
  • Widely used web servers: Apache httpd, lighttpd, nginx
  • Popular mail delivery services: Sendmail, Postfix, Exim, Dovecot
  • Virtual private networking: OpenVPN
  • Network time: University of Delaware NTPD
  • Additional core libraries: Mozilla NSS, libxml2
  • Toolchain security improvements for GCC, binutils, and llvm

via TheNextWeb