Google will pay you for improving Android security
Android's success, in the smartphone and tablet markets, makes the operating system's users a popular target for malware writers. Some of the concerns which researchers and security firms frequently expose translate into real threats, while others will likely never see the light of day as they're squashed in their infancy.
Luckily, Google is taking a proactive stance to improving Android's security as the search giant has expanded the patch reward program that was introduced in early October, to also include its Android Open Source Project.
"The goal is very simple: to recognize and reward proactive security improvements to third-party open-source projects that are vital to the health of the entire Internet", says Google's description of the program.
The patch reward program was expanded to include only the open-source part of Android, hence why it is limited solely to the Android Open Source Project. While this represents the largest chunk of code and the core of the mobile OS, it is worth pointing out that proprietary bits, like drivers, are not covered as well.
If Google deems the security improvement as fit for the patch reward program the person who submitted it will receive between $500 and $3,133.7, with the exact amount to be determined by the reward panel on a per-case basis.
Aside from the Android Open Source Project, the latest expansion of the patch reward program also includes the following, as Google mentions:
- Widely used web servers: Apache httpd, lighttpd, nginx
- Popular mail delivery services: Sendmail, Postfix, Exim, Dovecot
- Virtual private networking: OpenVPN
- Network time: University of Delaware NTPD
- Additional core libraries: Mozilla NSS, libxml2
- Toolchain security improvements for GCC, binutils, and llvm
You can find out more about the patch reward program by visiting this address.