Google is expanding the scope of its open-source OSS-Fuzz bug bounty program and adding support for applications written in the most widely used programming languages.
With the program’s expanded scope, the maximum reward that can be awarded for a single project integration has increased from USD 20,000 to USD 30,000. The goal of OSS-Fuzz is to help open-source projects adopt fuzz testing, and the new reward categories support those who develop more ways of integrating new projects.
Two new reward categories created by Google recognize broader improvements across all OSS-Fuzz projects. Google is also rewarding notable FuzzBench fuzzer integrations, as well as the addition of new vulnerability-finding “bug detectors” or sanitizers.