Google Expands Scope of Its Patch Rewards Program


Google’s Patch Reward Program was established to recognize proactive security improvements to open-source projects. This week, Google Security Team announced some more projects eligible for rewards under the initiative. Included in this list are:

  • All the open-source components of Android: Android Open Source Project
  • Widely used web servers: Apache httpd, lighttpd, nginx
  • Popular mail delivery services: Sendmail, Postfix, Exim, Dovecot
  • Virtual private networking: OpenVPN
  • Network time: University of Delaware NTPD
  • Additional core libraries: Mozilla NSS, libxml2
  • Toolchain security improvements for GCC, binutils, and llvm

The Patch Reward Program encourages volunteers to improve the security of key third-party software critical to the health of the entire internet.

Volunteers are required to submit their patches to the maintainers of individual projects. Submissions which are deemed to have a positive impact on the project’s security qualify for a rewared of between $500 and $3133.7. More information on the program can be found here.



Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.