Google imakulitsa pulogalamu yake ya mphotho
Google yatsimikiziranso kudzipereka kwake pakutsegula gwero ndipo watulutsa pulogalamu yatsopano kuthandiza ofufuza zachitetezo ndi alenje za zolakwika zopereka mphotho zandalama aliyense amene atha kupeza zofooka mumapulogalamu otsegulira omwe amatsogolera.
The Rewards Programme yalengeza ndizowonjezera zaposachedwa kwambiri pagulu la Google lavulnerability bounty programs ndi imayang'ana kwambiri ochita kafukufuku opindulitsa zomwe zimapeza nsikidzi zomwe zingawononge mapulojekiti omwe amagwiritsidwa ntchito kwambiri padziko lonse lapansi.
Yakhazikitsidwa kuti ilipire ndikuthokoza omwe amathandizira kuti ma code a Google akhale otetezeka kwambiri, pulogalamu yoyambirira ya VRP inali imodzi mwa oyamba padziko lapansi ndipo tsopano ikuyandikira chaka chake cha 12. M'kupita kwa nthawi, mndandanda wathu wa VRP wakula ndikuphatikiza mapulogalamu omwe amayang'ana pa Chrome, Android, ndi madera ena. Pamodzi, mapulogalamuwa apereka mphotho zopitilira 13 zomwe zaperekedwa, ndikulipira ndalama zopitilira $000 miliyoni.
Monga ambiri adzadziwa, Google ndiyomwe imayang'anira mapulojekiti ambiri otseguka, izi ndi chitsanzo cha Android, Golang, TypeScript-based web application framework Angular, ndi Fuchsia opareting'i sisitimu ya zipangizo zanzeru kunyumba monga Nest.
Lero tikukhazikitsa Google's Open Source Software Vulnerability Reward Program (OSS VRP) kuti ipereke mphotho zomwe zapezeka pachiwopsezo pamapulojekiti otsegula a Google. Pokhala ndi udindo wama projekiti akuluakulu monga Golang, Angular, ndi Fuchsia, Google ili m'gulu la omwe amathandizira kwambiri komanso ogwiritsa ntchito potsegula padziko lonse lapansi. Ndi kuwonjezera kwa OSS VRP ya Google ku banja lathu la Vulnerability Bounty Programs (VRPs), ofufuza tsopano atha kulipidwa chifukwa chopeza nsikidzi zomwe zitha kusokoneza chilengedwe chonse.
Zowopsa ndizovuta kwambiri, Google idafotokoza mu positi ya blog. Anati pali chiwonjezeko cha 650% pakuwukira komwe akuwukira ku makina otsegulira mapulogalamu otsegulira chaka chatha, zomwe zinachititsa kuti pakhale zovuta zazikulu monga chiopsezo cha Log4Shell chikugwiritsidwa ntchito.
Holger Mueller wa Constellation anati: "Kusaka nsikidzi ndi chida chodziwika bwino osati chongokulitsa luso la mapulogalamu omwe amaperekedwa, komanso kukulitsa chidziwitso cha otukula pomwe akugwira ntchito ngati chilimbikitso cholumikizirana mozama ndi code," adatero Holger Mueller wa Constellation. Research Inc. ndizabwino kuwona kuti Google ikupereka kusaka kwina kwa cholakwika, chotchedwa Open Source Software Vulnerability Program. Magawo onse ndi okongola, madera otukuka ndi osasinthika, ndiye tiwona momwe kuyankha kungakhalire, komanso, chofunikira kwambiri, ndi zolakwika ziti komanso kutengeranso mapulaneti omwe angapezeke. ”
Pulogalamu ya OSS VRP yomwe yalengezedwa lero ndi gawo la kudzipereka kumeneko.
Koma, Google imalimbikitsa ofufuza kuti awonenso kachidindo ka pulogalamu yake yotseguka ndikuwonetsa zovuta zilizonse zomwe amazipeza Google idati idzalipira ndalama zotengera kuopsa kwa chiwopsezo komanso kufunikira kwa polojekitiyi, kuyambira $100 mpaka $31,337. Zopindulitsa zazikulu zidzaperekedwanso ku "zowopsa zachilendo kapena zosangalatsa," zomwe Google imalimbikitsa ofufuza kuti apange luso.
Kuphatikiza pa mphotho, ogwiritsa ntchito amathanso kuzindikirika ndi anthu pazomwe apeza ngati asankha. Kwa iwo omwe akufuna kupereka mphotho yawo ku zachifundo, Google idati izigwirizana ndi zoperekazo kuchokera mulu wawo wandalama.
Google idafotokoza kuti ofufuza akuyenera kuyang'ana zoyesayesa zawo pamapulogalamu aposachedwa kwambiri omwe amatsogolera, omwe amapezeka m'malo osungira anthu patsamba la Google la GitHub. Kusaka kwa cholakwika kumafikiranso ku kudalira kwa chipani chachitatu pama projekitiwo.
Mapeto Ngati mukufuna kudziwa zambiri zazolemba, mutha kuwona zomwe zatulutsidwa ndi Google mu kutsatira ulalo.
Khalani oyamba kuyankha