Google’s Patch Reward Program was established to recognize proactive security improvements to open-source projects. This week, Google Security Team announced some more projects eligible for rewards under the initiative. Included in this list are:
- All the open-source components of Android: Android Open Source Project
- Widely used web servers: Apache httpd, lighttpd, nginx
- Popular mail delivery services: Sendmail, Postfix, Exim, Dovecot
- Virtual private networking: OpenVPN
- Network time: University of Delaware NTPD
- Additional core libraries: Mozilla NSS, libxml2
- Toolchain security improvements for GCC, binutils, and llvm
The Patch Reward Program encourages volunteers to improve the security of key third-party software critical to the health of the entire internet.
Volunteers are required to submit their patches to the maintainers of individual projects. Submissions which are deemed to have a positive impact on the project’s security qualify for a rewared of between $500 and $3133.7. More information on the program can be found here.