Google reaffirms its commitment to open source and launches another bug bounty program


Google expands its portfolio of reward programs

Google has reaffirmed its commitment to open source and launched a new program to support security researchers and bug hunters, offering monetary rewards to anyone who finds vulnerabilities in the open source software projects it maintains.

The newly announced rewards program is the latest addition to Google's family of bug bounty programs, and it focuses on rewarding researchers who find bugs that could affect some of the most widely used projects in the world.

Designed to pay and thank those who help make Google's code more secure, the original VRP was the first in the world and is about to reach its twelfth year. Over time, our VRP lineup has expanded to include programs focused on Chrome, Android, and other areas. Together, these programs have issued more than thirteen thousand rewards, with payouts exceeding thirty-eight million dollars.

As many will know, Google is heavily involved in a large number of open source projects, for example Android, Golang, the TypeScript-based web application framework Angular, and Fuchsia, the operating system for smart home devices such as Nest.

Today we are launching Google's Open Source Software Vulnerability Reward Program (OSS VRP) to reward discoveries of vulnerabilities in Google's open source projects. As the maintainer of major projects such as Golang, Angular, and Fuchsia, Google is among the largest contributors to and users of open source in the world. With the addition of Google's OSS VRP to our family of Vulnerability Reward Programs (VRPs), researchers can now be rewarded for finding bugs that could affect the open source ecosystem.

Vulnerabilities are a major problem, Google explained in a blog post. It said there was a 650% increase in attacks targeting the open source software supply chain last year, leading to major incidents such as the exploitation of the Log4Shell vulnerability.

"Bug hunting is a popular tool not only to improve the quality of software offerings, but also to increase developer awareness while serving as an incentive to engage more deeply with the code," said Holger Mueller of Constellation Research Inc. "In this case, it is good to see Google offering another bug hunt, dubbed the Open Source Software Vulnerability Program. All the parameters look attractive, developer communities are restless, so we will see what the response will be and, more importantly, what bugs and other platform takeovers may be found."

The OSS VRP program announced today is part of that commitment.

For its part, Google encourages researchers to examine open source software code and report any vulnerabilities they find. Google said it will pay rewards based on the severity of the vulnerability and the importance of the project, ranging from $100 to $31,337. Larger payouts will also go to "unusual or particularly interesting vulnerabilities," for which Google encourages researchers to be creative.

In addition to the rewards, researchers can also receive public recognition for their findings if they choose. For those who want to donate their reward to charity, Google said it will match the donations from its own funds.

Google explained that researchers should focus their testing on the latest versions of the open source software projects it maintains, which can be found in the public repositories on Google's GitHub page. The bug hunt also extends to the third-party dependencies of those projects.

Finally, if you are interested in learning more about it, you can check the statement provided by Google at the following link.

