Vulnerability Management

Google offering bounties for new Tsunami security plug-ins

Share
A Google corporate logo stands at the Google Germany offices on Aug. 31, 2021, in Berlin. (Photo by Sean Gallup/Getty Images)

Google announced Tuesday it would offer bounties up to $3,133.7 for expanding the functionality its open-source hyperscale networking vulnerability scanner, Tsunami.

The vulnerability scanner debuted to the public last summer.

"We hope this program will allow us to quickly extend the detection capabilities of the scanner to better benefit our users and uncover more vulnerabilities in their network infrastructure," members of the Google vulnerability management team wrote in a blog post.

The program, which Google describes as "experimental," will focus on two categories of submissions: vulnerability detectors and web application fingerprints.

To receive the maximum bounty of $3,133.7, a submitter must offer code to scan for a critical severity vulnerability with large attack radii released within the past two weeks. Smaller bounties will go to vulnerabilities that are high severity, older than two weeks or both.

A bounty of $500 will go to web application fingerprints and the corresponding automation scripts.

The large-impact products that qualify for scanning bounties include webmail clients, databases, application frameworks, coding notebooks, configuration tools and other broadly used software described on Google's bounty page.

"As with other Security Reward Programs, rewards can be donated to charity — and we'll double your donation if you choose to do so. We'll run this program in iterations so that everyone interested has the opportunity to participate," the team wrote.

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.