Google Expands OSS-Fuzz Bounty Program and Offers Rewards of Up to $30.000 for Researchers Who Find Security Flaws inletterthe open ones code.
The expanded field applications of the program now means that the total rewards per integration increase from $20.000 to $30.000. The purpose of OSS-Fuzz is to support open source projects with fuzz testing, and the new reward categories support those who create more ways to integrate new projects.
Google has created two new reward categories that reward broader improvements across all OSS-Fuzz projects.
It offers up to $11.337 per category. It also offers rewards for notable FuzzBench fuzzer integrations and for incorporating new sanitizers or “bug detectors” that help find vulnerabilities.
“We hope to accelerate the integration of critical open source projects into OSS-Fuzz by providing stronger incentives for researchers better safetyand open source maintainers", he says Oliver Chang of Google's OSS-Fuzz team.