Google is expanding its bug bounty program to include awards for patches that make material security improvements to open source software – even when the software isn’t directly maintained by Google itself.
The Chocolate Factory has been rewarding developers for security fixes to its own software since 2010, when it kicked off its bounty program for the Chrome web browser. Now the company says it will also shell out cash to developers who submit fixes to select non-Google software, too.
To qualify for the program, developers must produce “down-to-earth, proactive improvements that go beyond merely fixing a known security bug,” according to a blog post by Google security team member Michal Zalewski on Wednesday.
SOURCE: theregister.co.uk
