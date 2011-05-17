Stories
Google Offers $20,000 to Join OSS-Fuzz Program

posted by Fnord666 on Friday May 12, @12:48AM   Printer-friendly
MrPlow writes:

Submitted via IRC for TheMightyBuzzard

Five months ago, Google launched its free OSS-Fuzz service with the purpose to help open source developers locate bugs in their code. "It is important," said Google at the time, "that the open source foundation be stable, secure, and reliable, as cracks and weaknesses impact all who build on it."

Since then, the cloud service has attracted 47 open-source projects and has uncovered more than 1,000 bugs (264 of which are potential security vulnerabilities) while processing 10 trillion test inputs per day.

Google now wishes to attract more OSS projects to the initiative, and is offering a reward to do so. "We believe that user and internet security as a whole can benefit greatly if more open source projects include fuzzing in their development process," the company announced in a blog post yesterday. "To this end, we'd like to encourage more projects to participate and adopt the ideal integration guidelines that we've established."

Google is expanding its Patch Rewards program to include rewards for the integration of fuzz targets into OSS-Fuzz. It will pay projects $1,000 for the initial integration, and up to $20,000 (at its own discretion) for what it describes as an 'ideal integration'.

Source: http://www.securityweek.com/google-offers-20000-join-oss-fuzz-program

  • (Score: 0) by Anonymous Coward on Friday May 12, @01:59AM

    by Anonymous Coward on Friday May 12, @01:59AM (#508427)

    It's Google so how is it evil? Any GPL code you submit gets copyright assigned to Google and re-licensed under BSD instead?

