After announcing last month that it would give rewards for vulnerabilities discovered in open source software (OSS), Google is expanding its bug bounty program to include Android, the open source mobile operating system.
On Monday, the internet technology corporation announced it would additionally compensate researchers who find bugs in web servers including Apache httpd, lighttpd and nginx, and mail delivery services including Sendmail, Postfix, Exim and Dovecot. OpenVPN, University of Delaware NTPD, Mozilla NSS and libxml2 were also on the list, as well as toolchain security improvements for GCC, binutils, and llvm.
When Google introduced the OSS bug bounty program in October, the company said it would be offering rewards ranging from $500 to $3,133.70.
_(33).jpg&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0){kind=logo}
_(20).jpg&h=140&w=231&c=1&s=0)
_(28).jpg&h=140&w=231&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
iTnews Benchmark Awards 2026
iTnews Cloud Covered Breakfast Summit
The 2026 iAwards
_(1).jpg&h=140&w=231&c=1&s=0)
