The Search giant Engine Google on October 9, 2013 announced a new, experimental program that rewards proactive security improvements to select Open-source projects.This effort complements and focuses their long-running vulnerability reward programs for Google web applications and for the new Google Chrome OS.The Official announcement on the Google’s Blog reads:
We all benefit from the amazing volunteer work done by the open source community. That’s why we keep asking ourselves how to take the model pioneered with our Vulnerability Reward Program - and employ it to improve the security of key third-party software critical to the health of the entire Internet
As per Google announcing only a Bug hunting program for the developers won’t generate specific volume of traffic for the same and could easily backfire it for them.So,Google will now reward the Developer who actually finds a Bug and reports the patch to Google’s Security Team.
What Programs are included in Patch Reward Program?
These additions join the following five project types with which Google launched its program in October:
What type of Submission are subjected to Qualifying ?
Any patch that has a demonstrable, significant, and proactive impact on the security of one of the in-scope projects will be considered for a reward