Back in October, Google announced a rewards program that would give financial incentives for "down-to-earth, proactive improvements" to security across third-party open-source projects that Google deems "vital to the health of the entire Internet."

Starting with core infrastructure services, Chrome foundations and other "high impact libraries," Google vowed to expand the program soon. Today, in an entry to the official security blog, Google announced that the program has been expanded in scope to include open-source bits of Android, found in AOSP, and several other projects.

We started with a fairly conservative scope, but said we would expand the program soon. Today, we are adding the following to the list of projects that are eligible for rewards:

  • All the open-source components of Android: Android Open Source Project
  • Widely used web servers: Apache httpd, lighttpd, nginx
  • Popular mail delivery services: Sendmail, Postfix, Exim, Dovecot
  • Virtual private networking: OpenVPN
  • Network time: University of Delaware NTPD
  • Additional core libraries: Mozilla NSS, libxml2
  • Toolchain security improvements for GCC, binutils, and llvm

According to the patch rewards guidelines, rewards can range from $500 to $3,133.70, with higher rewards going to solutions with unusually high impact or solutions to exceedingly complex issues.

If you have any ideas for proactive solutions to potential security issues in Android, check out the blog entry or guidelines for submission below.

Source: Google Online Security, Guidelines

Liam Spradlin
Liam loves Android, design, user experience, and travel. He doesn't love ill-proportioned letter forms, advertisements made entirely of stock photography, and writing biographical snippets.

  • http://www.deathbycone.com Jared Kotoff

    dat 1337 monies

    • Simon Belmont

      It's not just 1337. It's 31337.

      The best of the best. The cream of the crop.

  • squiddy20

    I'm curious to know why the 70 cents is included...
    Almost makes me think a group of people wrote down arbitrary numbers and drew out of a hat. Sounds exactly like Google :P

  • Dinh Xuan
  • Matthew Fry

    Good guy Google.