Google’s new program offers security researchers money if they find vulnerabilities in its open-source projects or the libraries those projects depend on.
Google is not alone in offering so-called bug bounty programs, which give contributors financial incentives to track down vulnerabilities and security issues in its software. Now the company has launched a new initiative called the Open Source Software Vulnerability Rewards Program (OSS VRP).