Even more patch rewards!

Monday, November 18, 2013 3:47 PM

About a month ago, we kicked off our Patch Reward Program. The goal is very simple: to recognize and reward proactive security improvements to third-party open-source projects that are vital to the health of the entire Internet.

We started with a fairly conservative scope, but said we would expand the program soon. Today, we are adding the following to the list of projects that are eligible for rewards:

  • All the open-source components of Android: Android Open Source Project
  • Widely used web servers: Apache httpd, lighttpd, nginx
  • Popular mail delivery services: Sendmail, Postfix, Exim, Dovecot
  • Virtual private networking: OpenVPN
  • Network time: University of Delaware NTPD
  • Additional core libraries: Mozilla NSS, libxml2
  • Toolchain security improvements for GCC, binutils, and llvm

For more information about eligibility, reward amounts, and the submission process, please visit this page. Happy patching!

The comments you read here belong only to the person who posted them. We do, however, reserve the right to remove off-topic comments.


James Calvin said...

The vulnerability program to improve security on third party software is a great idea. The open source community wants to improve software in the security area. The financial incentive that your team would provide has great potential to advance the program. The patched that are submitted could be a major benefit to the programs listed. Is Google model going forward to open source?