News/Tech News

Supply Chain Attacks Targeted by New Open Source Bug Bounty

Published on Sep 01, 2022

A new bug bounty program was introduced by Google on Monday, offering payouts ranging from £86.32 to £27050.88 (a reference to element or leaf).

Open Source Software Vulnerability Rewards Program (OSS VRP) is one of the first open source-specific vulnerability programs.

The program aims to reward vulnerabilities discovered by the tech giant, which maintains Angular, Bazel, Golang, Protocol Buffers, and Fuchsia projects.

Projects managed by Google and hosted on public repositories, such as GitHub and their third-party dependencies, are also eligible.

Bug hunters should submit submissions that meet the following criteria –

  • Supply chain vulnerabilities that compromise the supply chain
  • Vulnerabilities caused by design issues
  • Other security issues such as leaked credentials, weak passwords, or insecure installations

Since a steady escalation in supply chain attacks targeting Maven, NPM, PyPI, and RubyGems, beefing up open source components, especially third-party libraries, has emerged as a top priority.

As one example, the Log4Shell vulnerability in the Log4j Java logging library, discovered in December 2021, caused widespread havoc and became a clarion call for improving the state of software supply chains.

In 2017, there was a 650% increase in attacks on the open source supply chain, including headliner incidents such as Codecov and Log4j, which demonstrated the destructive power of a single open source vulnerability,” said Google’s Francis Perron and Krzysztof Kotowicz.

A similar reward program was instituted by Google last November for uncovering privilege escalation, and Kubernetes escape exploits. The maximum amount has since been raised to £78,844 until the end of 2022 from £43452.

As part of its efforts to strengthen the security of critical open source projects, Google also announced the creation of a new “Open Source Maintenance Crew” earlier this May.

Tech News

Malware updates for macOS

Malware updates for macOS Monterey with Python 3

With XCSSET macOS malware, the operators have added support for macOS Monterey by upgrading its source code components to Python 3…

best programming languages

Top programmable languages for 2022

IEEE Spectrum, the official publication of the IEEE, has published its ninth annual ranking of the best programming languages Despite Python’s dominance, C…

Our Latest Blog

Unlock Your Potential with a Level 5 Diploma in Business London's Top Courses img

Unlock Your Potential with a Level 5 Diploma in Business: London’s Top Courses

Are you looking to enhance your knowledge and skills in the field of business? Do...
Read More
Unlock Your Potential with Level 4 Diploma in Business Courses in London img

Unlock Your Potential with Level 4 Diploma in Business Courses in London

Are you looking for a comprehensive course to take your business career to the next...
Read More

Follow Us


Browse LSET presentations to understand interesting…

Explore Now

Get complete guides to empower yourself academically…

Explore Now

Learn about information technology and business…

Explore Now