
Google is going to start paying the security community for discovering open source software vulnerabilities, with bug bounty rewards of up to $3,133.7.

From The Inquirer:
"So we decided to try something new: provide financial incentives for down-to-earth, proactive improvements that go beyond merely fixing a known security bug. Whether you want to switch to a more secure allocator, to add privilege separation, to clean up a bunch of sketchy calls to strcat(), or even just to enable ASLR - we want to help."

Five types of disclosure will be accepted immediately. These include those that affect "Core infrastructure network services" like OpenSSH, BIND, and ISC DHCP, and "high impact" libraries like OpenSSL.
Google will pay open source vulnerability finders