在 Slashdot 上看到 Google 將發現安全問題的獎勵從自家產品延伸到 Open Source 專案上:「Google Offers Cash For Security Fixes To Linux and Other FOSS Projects」。
官方的公告在「Going beyond vulnerability rewards」,規則則是在「Patch Rewards – Application Security – Google」。
初期限制在這些專案上:(直接複製過來)
- Core infrastructure network services: OpenSSH, BIND, ISC DHCP
- Core infrastructure image parsers: libjpeg, libjpeg-turbo, libpng, giflib
- Open-source foundations of Google Chrome: Chromium, Blink
- Other high-impact libraries: OpenSSL, zlib
- Security-critical, commonly used components of the Linux kernel (including KVM)
獎勵金額從 USD$500 到 USD$3133.7,這邊的 31337 應該是出自「Leet」吧...
這算是一種回饋社群的方式...