About a month ago, we kicked off our Patch Reward Program. The goal is very simple: to recognize and reward proactive security improvements to third-party open-source projects that are vital to the health of the entire Internet.
We started with a fairly conservative scope, but said we would expand the program soon. Today, we are adding the following to the list of projects that are eligible for rewards:
- All the open-source components of Android: Android Open Source Project
- Widely used web servers: Apache httpd, lighttpd, nginx
- Popular mail delivery services: Sendmail, Postfix, Exim, Dovecot
- Virtual private networking: OpenVPN
- Network time: University of Delaware NTPD
- Additional core libraries: Mozilla NSS, libxml2
- Toolchain security improvements for GCC, binutils, and llvm
For more information about eligibility, reward amounts, and the submission process, please visit this page. Happy patching!