Google hikes bounty for Linux kernel vulnerabilities
Date:
Tue, 02 Nov 2021 15:54:32 +0000
Description:
Google has tripled its award for researchers who discover and help fix vulnerabilities in the Linux kernel.
FULL STORY ======================================================================
Google has announced a three-month Halloween-special bug bounty program that's designed to help unearth and fix flaws in the Linux kernel.
The special program builds on top of the Vulnerability Rewards Program (VRP) announced last year, with triple the rewards for security researchers.
Google's base reward for each publicly patched vulnerability is $31,337, capped at one exploit per vulnerability. However, the reward can go up to $50,337 if the bug was otherwise unpatched in the Linux kernel (a zero-day), or if the exploit uses a new attack or technique in Google's view.
"We are constantly investing in the security of the Linux Kernel because much of the internet, and Google from the devices in our pockets, to the services running on Kubernetes in the cloud depend on the security of it," shared Eduardo Vela from the Google Bug Hunters Team.
Securing the Linux kernel
Vela adds that while Google spends resources to research the vulnerabilities and attacks on the Linux kernel, and has earmarked resources to study and develop the kernel's defenses, it is conscious of the fact that it needs to do more.
"We hope the new rewards will encourage the security community to explore new Kernel exploitation techniques to achieve privilege escalation and drive quicker fixes for these vulnerabilities," adds Vela.
Furthermore, the new program complements the VRP rewards for Android, so exploits that work on the mobile OS are eligible for an additional reward of up to $250,000.
Explaining the mechanics of the initiative, Vela encourages participants to submit a patch to fix their reported vulnerability, which will also attract an additional award from Google's Patch Reward Program.
Vela also suggests that bug hunters report any vulnerabilities upstream as soon as they are discovered, and only share them with Google once they've been publicly disclosed and patched.
Researchers are expected to provide the exploit code and the algorithm used
to calculate the hash checksum, along with a rough description of the exploit strategy.
======================================================================
Link to news story:
https://www.techradar.com/news/google-hikes-bounty-for-linux-kernel-vulnerabilities/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)