Google plans to offer rewards to programmers and researchers for fixing Android bugs.
Recently Google Inc. the search engine giant at the Black Hat Mobile Security Summit, has announced that a Security Rewards program will be launched on Android operating system. The reason behind this program is to incentivize and motivate researchers so that they can research and resolve the threats and vulnerabilities associated with the tech behemoths operating system.
According to sources, the Reward program caters to the recent operating system for the upcoming Google Nexus smartphone. To date the reward program only encompasses Nexus 9 tablet and Nexus 6 smartphone. The researchers and programmers can almost make around $8,000 on the basis of the severity of the threat. The head of security affairs at Android, Adrian Ludwig, has made an announcement at the conference mentioned that Google Nexus is the only product line that is offering major reward programs at this time.
The program tailored by the company offers massive rewards along with recognition as well as public admiration for revealing various vulnerabilities to the Android team. The company will honor the programmer and researcher rewards on the severity of the issue along with the quality of the report provided by the programmer or researcher.
However, it is pretty obvious that only the first report regarding specific bug will be rewarded by the company. Moreover, if someone reports these vulnerabilities without resolving them to third parties then the company will not entertain such programmers or researchers.
According to BidnessETC, “Researchers will not be rewarded for every bug found and solved on the Android platform, but there is a criteria set for the bugs which will be recognized by Android’s security team. Bugs which are considered eligible are those included in the Android Open Source Project (AOSP) code, the TrustZone operating system and modules, the kernel, and the OEM code.” So now it is said that the bug might have an impact on the overall security of the operating system. Also, it is not essential that they exist in the Android code to be eligible.
Google at this point has made it relatively clear in conveying the message regarding the reward program turns out to be a booster for Nexus then it will be expanded to several other devices and platforms. The researchers that have narrowed their focus to patches and tests “that revolve around security features like NX, sandboxing, and ASLR, will receive larger rewards.”
Hence Google has come up with an innovative venture that will encourage the researchers and programmers to invest their time in overcoming bugs for Nexus.
No comments:
Post a Comment