Η Google επεκτείνει το πρόγραμμα επιβράβευσης OSS-Fuzz και προσφέρει ανταμοιβές έως και 30.000$ για ερευνητές που βρίσκουν ελαττώματα ασφαλείας σε προγράμματα ανοιχτού κώδικα.
The expanded scope of the program now means that the total rewards per integration increase from $20.000 to $30.000. The purpose of OSS-Fuzz is to support open source projects with fuzz testing, and the new reward categories support those who create more ways to integrate new projects.
Google has created two new reward categories that reward broader improvements across all OSS-Fuzz projects.
It offers up to $11.337 per category. It also offers rewards for notable FuzzBench fuzzer integrations and for incorporating new sanitizers or “bug detectors” that help find vulnerabilities.
"We hope to accelerate the integration of critical open source projects into OSS-Fuzz by providing stronger incentives for security researchers and open source maintainers," he says Oliver Chang of Google's OSS-Fuzz team.