Google has expanded the OSS-Fuzz Reward Program to offer up to USD 30,000 in rewards to researchers who discover vulnerabilities in open-source software. With the program’s expanded scope, the maximum reward that can be awarded for each project integration has increased from USD 20,000 to USD 30,000.
The company said that the goal of OSS-Fuzz is to help open-source projects implement fuzz testing, and that the new reward categories support those who develop more strategies for integrating new projects. Two new reward categories that Google created recognize broader improvements across all OSS-Fuzz projects.
Additionally, Google is rewarding notable FuzzBench fuzzer integrations as well as the addition of new vulnerability-finding “bug detectors” or sanitizers.