The Internet giant announced that it is launching an incentive program to encourage, for key open source projects, the creation of significant security patches (beyond simple fixes for known bugs).
Google announced on its blog Google Online Security Blog that the patches that are of interest are, for example, adding privilege separation or enabling Address Space Layout Randomisation (ASLR). The following projects are concerned:
We intend to soon extend the program to:
The Mountain View company invites developers interested in the rewards program to read the rules and to submit their security patches to the people in charge of each project. If the patch is accepted and integrated in the repository, the developer must then submit an application in writing to security-patches@google.com. Google will then judge the contribution and, if deemed significant, it may offer a reward ranging from 500 to over 3000 dollars.
Since Google is building infrastructure on these solutions, there is no doubt that it can benefit from improvement suggestions.