Google’s open-source bug bounty aims to clamp down on supply chain attacks

An important and sometimes overlooked part of security | Photo by Amelia Holowaty Krales / The Verge

Google has introduced a new vulnerability rewards program to pay researchers who find security flaws in its open-source software or in the building blocks that its software is built on. It’ll pay anywhere from $101 to $31,337 for information about bugs in projects like Angular, GoLang, and Fuchsia or for vulnerabilities in the third-party dependencies that are included in those projects’ codebases.

While …

attacks bounty bug bug bounty down google supply supply chain supply chain attacks