When a developer is writing code, the presumption is that he or she is attempting to do so while avoiding the creation of unwanted security vulnerabilities. And then we have review and testing to help catch any holes that may have slipped through. Still, it’s not a perfect process, and some of those vulnerabilities make their way to released software. Eventually, the bugs might be spotted, either by white hats looking to keep things secure, or hackers looking for something new to exploit. Google isn’t content to just sit back and let all that happen on its own, and has been getting proactive about identifying problem code through its Patch Rewards program. This week, we learn of the program’s expansion to now cover the Android Open Source Project.
Devs who identify and deliver patches to enhance Android security can apply for rewards ranging from $500 to $3,133.70 (cheeky), based on Google’s opinion of just how large an impact that patch makes. We’re not even talking about identifying specifically exploitable bugs – even more general improvements to firm up security are eligible.
Sure, malware will continue to exist, but efforts like this seek to minimize its impact and keep it from interfering with our day-to-day lives.