Last month Google kicked off the Patch Reward program, offering financial incentives for developers who uncover and devise solutions to security issues in its Chrome browser. Today, the search giant is widening its rewards program to cover any and all security flaws within Android along with a number of other projects.
Beyond the Android Open Source Project, Google’s Patch Reward Program now covers three other major Web services: Apache httpd, lighttpd and nginx. It also includes popular mail services Sendmail, Postfix, Exim, Dovecot; virtual private networking project OpenVPN; and tolchain security improvements for GCC, binutils, and llvm. Basically, anything within Google search, YouTube, Blogger or Orkut is also included. The company notes that non-web applications, new acquisitions within the month they’re purchased, Motorola and Zagat are excluded from the program.
Don’t expect to make a fortune by uncovering Android exploits though. Google generally pays just a few $100 for each security flaw, though the company has paid more in certain situations. In fact, just last week famed teenage hacker Pinkie Pie earned $50,000 for thwarting an attack on Chrome.