August 30, 2022 06:15 pm
Original Link: https://www.theverge.com/2022/8/30/23328977/google-open-source-bug-bounty-supply-chain-hacks-dependencies
Googles open-source bug bounty aims to clamp down on supply chain attacks
Google has introduced a new vulnerability rewards program to pay researchers who find security flaws in its open-source software or in the building blocks that its software is built on. It’ll pay anywhere from $101 to $31,337 for information about bugs in projects like Angular, GoLang, and Fuchsia or for vulnerabilities in the third-party dependencies that are included in those projects’ codebases.
While it’s important for Google to fix bugs in its own projects (and in the software that it uses to keep track of changes to its code, which the program also covers), perhaps the most interesting part is the bit about third-party dependencies. Programmers often use code from open-source projects so they don’t continuously have to reinvent the...
Original Link: https://www.theverge.com/2022/8/30/23328977/google-open-source-bug-bounty-supply-chain-hacks-dependencies
Share this article:
Tweet
View Full Article
The Verge
The Verge is an ambitious multimedia effort founded in 2011More About this Source Visit The Verge