Google is increasing rewards for bug hunters in its kCTF program, which focuses on zero-day vulnerabilities in the Linux kernel.
The Linux kernel is a key component in keeping the Internet secure. Google uses Linux in just about everything, from computers to products that people around the world use every day, such as Chromebooks, Android on phones, cars, TVs, and workloads on Google Cloud. For this reason, the company has invested heavily in Linux security and is increasing the rewards for bug hunters in its kCTF (Kubernetes Capture the Flag) program.
The Linux kernel’s bug bounty program is just a small part of Google’s comprehensive vulnerability bounty program, which also covers Android, Chrome and other open source projects. In 2021, Google paid out $8.7 million in rewards, including $2.9 million for Android bugs and $3.3 million for Chrome bugs.
Google pays between $20,000 and $91,337 to researchers who find vulnerabilities in the Linux kernel, the Kubernetes container management system, and Google Cloud’s Kubernetes engine.
This increase builds on the three-month bonus that Google introduced in November. At the time, the company tripled the rewards for exploiting new and previously unknown bugs in the Linux kernel. The idea was that the community would reveal new techniques for exploiting the kernel, especially for services running on top of Kubernetes in the cloud.
The researchers had to prove that they could use an exploit for a specific flaw to breach Google’s kCTF (Kubernetes Capture The Flag) cluster and obtain a flag (a secret hidden in a program) in a competition hosted, in this case, on Google’s cluster.
Google has deemed the expanded program a success and will therefore extend it until at least the end of 2022. However, it has also made a number of changes affecting the rules, terms, and rewards.
First, the updated and expanded Google program increases the maximum reward for a single exploit from $50,337 to $91,377.
As for the success of the current program, Google says it received nine reports in the three months and paid out more than $175,000 in rewards. The submissions included five zero-day, or previously unknown, vulnerabilities, and two “one-day” exploits, or exploits for newly discovered vulnerabilities. Three of them have been fixed and made public, including CVE-2021-4154, CVE-2021-22600 (patch), and CVE-2022-0185 (update), according to Google.