Google is upping its Linux bug bounty prize
Date:
Wed, 16 Feb 2022 14:35:17 +0000
Description:
Google is upping the ante to get in line with the Linux community's expectations.
FULL STORY ======================================================================
White hat hackers and other bounty hunters rejoice - Google has just significantly raised the prizes for discovering zero-day and one-day vulnerabilities on Linux-powered endpoints.
In a blog post, Vulnerability Matchmaker Eduardo Vela says that Google was recently forced to up the ante "to match our rewards to the expectations of the Linux community." As the move turned out to be a success, the company has now decided to extend it until the end of the year.
That being said, until December 31, 2022, Google will pay anywhere between $20,000 and $91,337 for exploits of vulnerabilities in the Linux Kernel, Kubernetes, GKE, or kCTF, that are exploitable in its test lab.

L33T sp33k

For those wondering why $91,337, and not 90,000, 91,000, or any other round number - 1337 is also known as Leet speak, or elite speak - the language of the hacking and gaming communities. This is the community that often shortens words and replaces letters with numbers, so elite will become 1337.
So, what exactly did Google do?

- Reporting a zero-day vulnerability will not require including a flag at first, to prevent leaking the exploit to other participants.
- Reporting a one-day will require including a link to the patch.
- Participants will be able to submit the exploit in the same form they submit the flag.
- Google is now running two clusters, one on the REGULAR release channel and one on the RAPID release channel, to provide more flexibility.
- $31,337 will go to the first valid exploit submission for a given vulnerability.
- $0 will go for duplicate exploits for the same vulnerability.
- $20,000 will go for exploits for zero-day vulnerabilities.
- $20,000 will also go for exploits for vulnerabilities that do not require unprivileged user namespaces (CLONE_NEWUSER).
- The same reward will be given out for exploits using novel exploit techniques.
"These changes increase some one-day exploits to $71,337 USD (up from $31,337), and make it so that the maximum reward for a single exploit is $91,337 USD (up from $50,337)," Google explained.
"We also are going to pay even for duplicates at least $20,000 if they demonstrate novel exploit techniques (up from $0). However, we will also limit the number of rewards for one-days to only one per version/build."
======================================================================
Link to news story:
https://www.techradar.com/news/google-is-upping-its-linux-bug-bounty-prize/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)