http://googleonlinesecurity.blogspot.co.uk/2013/10/going-beyond-vulnerability-rewards.html

Google are now paying people, retrospectively, for any patch that improves the security of OpenSSH, BIND, ISC DHCP, libjpeg, libjpeg-turbo, libpng, giflib, Chromium, Blink, OpenSSL, zlib and commonly used components of the Linux kernel (including KVM). Soon, they will also cover Apache httpd, lighttpd, nginx, Sendmail, Postfix, Exim, GCC, binutils, llvm and OpenVPN. This includes the core developers of those projects!

Some of this work (e.g. on libjpeg or zlib) will benefit us directly. Other work (e.g. on OpenSSH) will benefit us indirectly, as we use those tools and want them to be secure. However, the inclusion of Chromium/Blink means that this program may steal potential security contributors from Mozilla and attract them to those projects.

Can we and should we attempt to do anything about that?

Gerv
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security