Google Expands Open Source Bounties, Will Soon Support Javascript Fuzzing Too

Google has expanded OSS-Fuzz Reward Program to offer rewards of up to $30,000 for researchers who find security flaws in open source programs. From a report: The expanded scope of the program now means the total rewards possible per project integration rise from $20,000 to $30,000. The purpose of OSS-Fuzz is to support open source projects adopt fuzz testing and the new categories of rewards support those who create more ways of integrating new projects. Google created two new reward categories that reward wider improvements across all OSS-Fuzz projects. It offers up to $11,337 available per category. It's also offering rewards for notable FuzzBench fuzzer integrations, and for integrating new sanitizers or 'bug detectors' that help find vulnerabilities. "We hope to accelerate the integration of critical open source projects into OSS-Fuzz by providing stronger incentives to security researchers and open source maintainers," explains Oliver Chang of Google's OSS-Fuzz team.

Read more of this story at Slashdot.