Google is upping its Linux bug bounty prize
White hat hackers and other bounty hunters rejoice – Google has just significantly raised the prizes for discovering zero-day and one-day vulnerabilities on Linux-powered endpoints.
A blog post by Vulnerability Matchmaker Eduardo Vela says that Google was recently forced to up the ante “to match our rewards to the expectations” of the Linux community. As the move turned out to be a success, the company has now decided to extend it until the end of the year.
Until December 31, 2022, Google will pay anywhere between $20,000 and $91,337 for exploits of vulnerabilities in the Linux kernel, Kubernetes, GKE, or kCTF that are exploitable in its test lab.
L33T sp33k
For those wondering why $91,337, and not 90,000, 91,000, or any other round number – 1337 is also known as “leet speak”, or “elite speak” – the language of the hacking and gaming communities. This is the community that often shortens words and replaces letters with numbers, so “elite” will become “1337”.
So, what exactly did Google do?
- Reporting a zero-day vulnerability will not require including a flag at first, to prevent leaking the exploit to other participants.
- Reporting a one-day will require including a link to the patch.
- Participants will be able to submit the exploit in the same form they submit the flag.
- Google is now running two clusters, one on the REGULAR release channel and one on the RAPID release channel, to provide more flexibility.
- $31,337 will go to the first valid exploit submission for a given vulnerability
- $0 will go for duplicate exploits for the same vulnerability
- $20,000 will go for exploits for zero-day vulnerabilities
- $20,000 will also go for exploits for vulnerabilities that do not require unprivileged user namespaces (CLONE_NEWUSER)
- The same reward will be given out for exploits using novel exploit techniques
“These changes increase some one-day exploits to $71,337 USD (up from $31,337), and make it so that the maximum reward for a single exploit is $91,337 USD (up from $50,337),” Google explained.
“We also are going to pay even for duplicates at least $20,000 if they demonstrate novel exploit techniques (up from $0). However, we will also limit the number of rewards for one-days to only one per version/build.”