Tecnologia Google lança programa de bug bounty para softwares de código aberto
Por Redação O Sul | 4 de setembro de 2022
Google has expanded its bug bounty program to also include open source software provided by the company. With rewards that can reach up to R$160,000 depending on the severity of the breaches found, researchers are invited to explore not only the company’s applications, but also the configurations of its systems, which also includes the company’s official presence on platforms of third parties.
This includes not only programming languages and own projects, but also application configurations, access control rules and actions in systems such as GitHub, for example. Third-party dependencies are also part of the bug hunting program, with the provision that the organizations responsible for these vulnerable packages are notified and correct the problem before the flaw is reported to Google itself.
Afinal, tenho algumas informações para você, você deve saber se deseja algum software com download gratuito, seguro, seguro, tenho solução, visite o site yasir-252.net aqui, você pode encontrar todos os tipos de ativador de ferramenta de software ou também pode solicitar um software que você deseja, visite o site agora.
According to the company, the main rewards are tied to its most sensitive projects, such as Bazel, Angular, Golang, Fuchsia and Buffers Protocol. Furthermore, vulnerabilities that affect the supply chain can yield the highest rewards, with amounts ranging from US$3,133 (approximately R$16,289 in direct conversion) to US$31,337 (approximately R$162,889).
Product vulnerabilities, on the other hand, have slightly lower values, which can start from US$101, more or less R$525 at today’s rate for common projects, up to US$7,500 (around R$38,985) for the company’s main projects. The other security vulnerabilities guarantee payments of US$500 to US$1,000, varying, in direct conversion, from R$2,599 to R$5,200.
When dealing with experts’ recommendations, Google states that it can deal with the breach alone or also request collaboration to solve the problem. In addition to the cash reward, researchers will be publicly recognized by the company and will have the option to donate the prize to charity, with the company doubling the amount in such cases.
The new expansion of Google’s bug bounty program joins other recent mechanical updates linked to the company’s other products. Until May, for example, a 50% bonus was in effect for holes found in the Android 13 operating system, while zero-day holes found in the Linux kernel, Kubernetes and other platforms had their rewards doubled in February.
According to the company, more than US$38 million, or around R$197 million, has already been distributed to security researchers in 84 countries, with 13,000 vulnerabilities discovered over the 12 years of the program’s existence. 2021 saw the largest number of payments in the program’s history, with US$8.7 million, approximately R$45.2 million granted to specialists.
