Google has started a new initiative that will be in line with its current bug bounty program. The internet juggernaut will announce funding for developers who help identify vulnerabilities in its Secure Open Source (SOS) program.
The aim of this initiative will be to proactively control or weed out any flaws that could help hackers launch application or supply chain attacks.
However, the criteria for receiving the reward will be strictly based on the seriousness of the identified flaw: Google will take into account NIST guidelines, some points from the newly issued Presidential Executive Order on Cybersecurity, and how deeply the vulnerability could affect users.
Before now, the Alphabet Inc. subsidiary rewarded disclosure of software flaws with amounts that could range from $505 to $10,000, based on the seriousness and complexity of the vulnerability.
Now, the tech giant wants to increase the reward amount to $1m for its SOS program, provided techies help improve protection against software supply chain attacks by adopting software artifact signing and verification, hardening of CI/CD pipelines, and enhancements to the existing OpenSSF Scorecard results.
Meanwhile, the web search giant has also rolled out 2-step verification (2SV) to its 150 million account users as an extra layer of security on top of the password login. At the same time, the 2SV feature will also be rolled out to 2 million YouTube content creators, as it will help them prevent unauthorized access to accounts and networks.