Google announces open source vulnerability reward program after Log4j, Codecov issues

Google is starting a bug bounty program, named the Open Source Software Vulnerability Rewards Program (OSS VRP), offering up to $31,337 to cybersecurity researchers to find potential bugs leading to security issues in open source software. The company plans to focus on all versions of such software in Google’s GitHub organisations. It is one of the first renowned open source vulnerability programs of its kind.