I-Google inweba iphothifoliyo yayo yezinhlelo zemiklomelo
I-Google iphinde yaqinisekisa ukuzibophezela kwayo kumthombo ovulekile futhi useyakhululwa uhlelo olusha ukusekela abacwaningi bezokuphepha nabazingeli wamaphutha anikeza imiklomelo yemali noma ubani ongathola ubungozi kumaphrojekthi wesofthiwe yomthombo ovulekile awuholayo.
Uhlelo Lwemiklomelo lwamenyezelwa isengezo sakamuva emndenini wakwa-Google wezinhlelo zenzuzo yokuba sengozini futhi igxile kubacwaningi abavuzayo ezithola izimbungulu ezingase zilimaze amanye amaphrojekthi omthombo ovulekile asetshenziswa kakhulu emhlabeni.
Njengoba isungulelwe ukunxephezela kanye nokubonga labo abasiza ukwenza ikhodi ye-Google ivikeleke kakhudlwana, uhlelo lwangempela lwe-VRP lwalungolokuqala emhlabeni futhi manje selusondela ekugubheni iminyaka engu-12 lwasungulwa. Ngokuhamba kwesikhathi, i-VRP yethu iye yanda ukuze ifake izinhlelo ezigxile ku-Chrome, Android, nezinye izindawo. Sezihlangene, lezi zinhlelo ziklomelise izethulo ezingaphezu kuka-13, ngenkokhelo isiyonke engaphezu kwezigidi ezingu-000 zamaRandi.
Njengoba abaningi bazokwazi, I-Google inesibopho ngokuyinhloko samaphrojekthi amaningi omthombo ovulekile, isibonelo se-Android, i-Golang, uhlaka lohlelo lokusebenza lwewebhu olususelwa ku-TypeScript i-Angular, kanye nesistimu yokusebenza ye-Fuchsia yamadivayisi ahlakaniphile asekhaya njenge-Nest.
Namuhla sethula Uhlelo Lwe-Google Lokuvuza Umthombo Ovulekile Wesofthiwe Ye-Vulnerability (OSS VRP) ukuze uklomelise okutholwe ekubeni sengozini kumaphrojekthi womthombo ovulekile we-Google. Njengoba inomthwalo wemfanelo wamaphrojekthi amakhulu afana ne-Golang, Angular, ne-Fuchsia, i-Google iphakathi kwabanikeli abakhulu nabasebenzisi bomthombo ovulekile emhlabeni. Ngokungezwa kwe-OSS VRP ye-Google emndenini wethu we-Vulnerability Bounty Programs (VRPs), abacwaningi sebengakwazi manje ukuklonyeliswa ngokuthola iziphazamisi ezingase zibe nomthelela kuyo yonke i-ecosystem yomthombo ovulekile.
Ubungozi buyinkinga enkulu, kuchaza i-Google kokuthunyelwe kwebhulogi. Uthe zinyuke ngo-650% ukuhlaselwa okuhlosiwe ochungechungeni lokuhlinzeka ngesofthiwe yomthombo ovulekile ngonyaka odlule, okubangele izehlakalo ezinkulu ezinjengokuxhashazwa kwe-Log4Shell sengozini.
"Ukuzingela iziphazamisi kuyithuluzi elidumile hhayi nje lokuthuthukisa ikhwalithi yesofthiwe enikezwayo, kodwa futhi lokukhulisa ukujwayela konjiniyela ngenkathi kusebenza njengesikhuthazo sokusebenzelana okujulile nekhodi," kusho u-Holger Mueller we-Constellation. Research Inc. "Maqondana nalokhu, kuhle ukubona ukuthi i-Google inikeza olunye usesho lwesiphazamisi, olubhalwe ukuthi Uhlelo Lokuvula Umthombo Wesofthiwe Yengozi. Yonke imingcele iyathandeka, imiphakathi yonjiniyela iyashintshashintsha, ngakho-ke sizobona ukuthi impendulo izoba kanjani futhi, okubaluleke kakhulu, ukuthi yimaphi amaphutha kanye nokwamukelwa okwengeziwe kwamapulatifomu ayisisekelo okungatholakala. ”
Uhlelo lwe-OSS VRP olumenyezelwe namuhla luyingxenye yalokho kuzibophezela.
Ngakolunye uhlangothi, I-Google ikhuthaza abacwaningi ukuthi babuyekeze ikhodi yesofthiwe yomthombo ovulekile futhi babike noma yibuphi ubungozi ukuthi bathole I-Google ithe izokhokha izinzuzo ngokusekelwe ebunzimeni bobungozi kanye nokubaluleka kwephrojekthi, esukela ku-$100 kuya ku-$31,337. Izinzuzo ezinkulu zizokhokhwa "ezingozini ezingajwayelekile noma ezithokozisayo," lapho i-Google ikhuthaza abacwaningi ukuthi basungule.
Ngokungeziwe emiklomelweni, abasebenzisi futhi bangathola ukuqashelwa komphakathi ngalokho abakutholile uma bekhetha kanjalo. Kulabo abafuna ukunikela ngomvuzo wabo enhlanganweni esiza abantulayo, i-Google ithe izofanisa leyo minikelo evela enqwabeni yayo yemali.
I-Google ichaze ukuthi abacwaningi kufanele bagxilise imizamo yabo ezinguqulweni zakamuva zamaphrojekthi wesofthiwe yomthombo ovulekile eziholayo, ezingatholakala kumakhosombe asesidlangalaleni ekhasini le-Google le-GitHub. Ukuzingela iziphazamisi kuphinde kudlulele ekuncikeni kwezinkampani zangaphandle kulawo maphrojekthi.
Okokugcina Uma unesifiso sokwazi okwengeziwe ngakho mayelana nenothi, ungabheka isitatimende esikhishwe i-Google ku isixhumanisi esilandelayo.