Google Expands Scope of Its Patch Rewards Program


Google’s Patch Reward Program was established to recognize proactive security improvements to open-source projects. This week, Google Security Team announced some more projects eligible for rewards under the initiative. Included in this list are:

  • All the open-source components of Android: Android Open Source Project
  • Widely used web servers: Apache httpd, lighttpd, nginx
  • Popular mail delivery services: Sendmail, Postfix, Exim, Dovecot
  • Virtual private networking: OpenVPN
  • Network time: University of Delaware NTPD
  • Additional core libraries: Mozilla NSS, libxml2
  • Toolchain security improvements for GCC, binutils, and llvm

The Patch Reward Program encourages volunteers to improve the security of key third-party software critical to the health of the entire internet.

Volunteers are required to submit their patches to the maintainers of individual projects. Submissions which are deemed to have a positive impact on the project’s security qualify for a rewared of between $500 and $3133.7. More information on the program can be found here.