Google has updated its open-source Kubernetes-based capture-the-flag vulnerability rewards program to increase the maximum payouts for reported Linux security bugs, reports SecurityWeek.
Security researchers who are able to break mitigations added by Google to combat out-of-bounds writes on slab, cross-cache attacks, freelist corruption, and elastic objects, as well as report new flaws in the latest Linux kernel, will be given $21,000 in new bonuses, with total earnings from critical flaws reported as part of kCTF potentially reaching $133,337.
Google's bolstered bounty program comes six months after kCTF base bounty payouts were increased nearly twofold. Certain vulnerabilities have also been given high bonuses, with researchers able to earn up to $91,337 for some exploits. Elevated reward amounts unveiled last year have also been extended indefinitely, according to Google.
"We hope this will allow us to learn more about how hard (or easy) it is to bypass our experimental mitigations," said Google.
Google ups Linux kernel vulnerability bounties