Google this week announced that it is offering monetary payouts to individuals who help expand the detection capabilities of the Tsunami security scanner.
Two types of contributions are currently accepted in the experimental reward program, namely vulnerability detection plugins and web application fingerprints.
An open-source general purpose network security scanner, Tsunami is meant to help organizations identify vulnerabilities and misconfigurations in their networks in an automated manner.
Designed as an extensible network scanning engine and easy to implement, the scanner heavily relies on plugins for the discovery of high-severity security bugs, and supports a curated set of vulnerabilities.
New plugins are expected to help Tsunami detect new security issues in scanned networks, and all interested contributors are encouraged to submit their projects.
Submissions will be reviewed by panel members in Google’s Vulnerability Management team and payout amounts will be awarded based on quality, vulnerability severity and time sensitivity. The maximum reward is $3,133.7, for critical vulnerabilities that came to light within the past two weeks.
Google added new web application fingerprinting capabilities to Tsunami only months ago, and is now looking to expand the scanner’s ability to detect off-the-shelf web applications. As more fingerprints are added to its database, the scanner will be able to support more web apps.
A flat $500 reward will be paid for each new application that is added to the database.
The new patch reward program, Google says, will run in iterations, to ensure that as many people as possible can participate. Those who choose to do so, may donate their rewards to charity, just as with other reward programs.
Additional information on the Patch Reward Program for the Tsunami project is available on Google’s Bug Hunters website.
Related: Google Helps OSTIF Boost Security of Open Source Projects
Related: Google Paid Over $29 Million in Bug Bounty Rewards in 10 Years
Related: Google Intros SLSA Framework to Enforce Supply Chain Integrity

More from Ionut Arghire
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- Apria Healthcare Notifying 2 Million People of Years-Old Data Breaches
- European Cybersecurity Firm Sekoia.io Raises $37.5 Million
- GitLab Security Update Patches Critical Vulnerability
- Android App With 50,000 Downloads in Google Play Turned Into Spyware via Update
Latest News
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- Zyxel Firewalls Hacked by Mirai Botnet
- Watch Now: Threat Detection and Incident Response Virtual Summit
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
