As we enter the New Year, be sure to keep up, or adopt, these good data security habits to avoid identity theft

The post Simple steps to protect yourself against identity theft appeared first on WeLiveSecurity

In the second blogpost of the two-part series we’ll suggest handy tips to help enhance the security of your mobile devices

The post 20 tips for 2020: Be smarter with your smartphone appeared first on WeLiveSecurity

In this first instalment of the two-article series we will be looking at cybersecurity habits to avoid when using your computing devices

The post 20 tips for 2020: Mistakes to avoid appeared first on WeLiveSecurity

It’s not a stretch to surmise that the incident was enabled by poor security settings

The post Prison surveillance footage posted on YouTube appeared first on WeLiveSecurity

Disposing of old tech isn’t a one-click solution; there are multiple things you have to consider before moving on to greener pastures

The post How to get rid of your old devices safely appeared first on WeLiveSecurity

What are some of the key things you should do with your shiny new device as soon as you unbox it?

The post How to secure your digital Christmas presents appeared first on WeLiveSecurity

ESET’s free BlueKeep vulnerability checker – Dangerous PayPal-themed scam – This year’s worst passwords

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

An ongoing phishing scam uncovered by ESET researchers seeks to wreak havoc on your money and digital life in one fell swoop

The post Ambitious scam wants far more than just PayPal logins appeared first on WeLiveSecurity

Malware and legal requirements force academics and students to join a near-endless line in order to pick up their passwords

The post 38,000 people forced to pick up email passwords in person appeared first on WeLiveSecurity


At Google, we strive to make the internet safer and that includes recognizing and rewarding security improvements that are vital to the health of the entire web. In 2020, we are building on this commitment by launching a new iteration of our Patch Rewards program for third-party open source projects.

Over the last six years, we have rewarded open source projects for security improvements after they have been implemented. While this has led to overall improved security, we want to take this one step further.

Introducing upfront financial help
Starting on January 1, 2020, we’re not only going to reward proactive security improvements after the work is completed, but we will also complement the program with upfront financial support to provide an additional resource for open source developers to prioritize security work. For example, if you are a small open source project and you want to improve security, but don’t have the necessary resources, this new reward can help you acquire additional development capacity.

We will start off with two support levels :

  • Small ($5,000): Meant to motivate and reward a project for fixing a small number of security issues. Examples: improvements to privilege separation or sandboxing, cleanup of integer artimetrics, or more generally fixing vulnerabilities identified in open source software by bug bounty programs such as EU-FOSSA 2 (see ‘Qualifying submissions’ here for more examples).
  • Large ($30,000): Meant to incentivize a larger project to invest heavily in security, e.g. providing support to find additional developers, or implement a significant new security feature (e.g. new compiler mitigations).

Nomination process

Anyone can nominate an open source project for support by filling out http://goo.gle/patchz-nomination. Our Patch Reward Panel will review submissions on a monthly basis and select a number of projects that meet the program criteria. The panel will let submitors know if a project has been chosen and will start working with the project maintainers directly.

Projects in scope

Any open source project can be nominated for support. When selecting projects, the panel will put an emphasis on projects that either are vital to the health of the Internet or are end-user projects with a large user base.

What do we expect in return?

We expect to see security improvements to open source software. Ideally, the project can provide us
with a short blurb or pointers to some of the completed work that was possible because of our support. We don’t want to add bureaucracy, but would like to measure the success of the program.
What about the existing Patch Rewards program?
This is an addition to the existing program, the current Patch Rewards program will continue as it stands today.