Google will now pay bounties for open source software bugs TechRadar

By Craig Hale, published 31 August 2022

Earn up to $31,337 for finding a bug in Google's open source software

(Image credit: Shutterstock / Elle Aon)

Google has launched a new program that will pay bounties for bugs found in its open source projects.

The Open Source Software Vulnerability Rewards Program (OSS VRP) is the latest addition to the tech giant's existing VRPs, which offer cash for discoveries. The company says that its first VRP, aimed at those who helped secure Google's code, was one of the first in the world. Now in its second decade of operation, Google is keen to highlight its commitment to supporting security researchers and bug hunters.

Google OSS bugs

Google says its VRPs cover various Chrome and Android code across the company's wider operations and have paid out over $38 million for more than 13,000 contributions from a total of 84 countries. Furthermore, Google has pledged to invest $10 billion to improve cybersecurity among its own users and open source software consumers.

Google cites Codecov and Log4j as two of the most prominent incidents contributing to last year's 650% year-on-year increase in attacks targeting the OSS supply chain.

Google's Security Blog says the OSS VRP focuses on "all up-to-date versions" of OSS stored in the Google-owned GitHub organizations, such as GoogleAPIs and GoogleCloudPlatform, though the "top awards" are reserved for the most sensitive projects, which Google lists as Bazel, Angular, Golang, Protocol buffers, and Fuchsia; the list is expected to expand after the initial program rollout.

The targets for hunters include: "vulnerabilities that lead to supply chain compromise; design issues that cause product vulnerabilities; [and] other security issues such as sensitive or leaked credentials, weak passwords, or insecure installations."

Rewards range from a measly $100 to a substantial $31,337, depending on the severity of the vulnerability uncovered. Applicable bugs that do not relate specifically to this VRP will not be wasted, however: Google has promised to redirect such findings to the relevant VRP (and its pot of cash).