Daily Tech News, Interviews, Reviews and Updates

As a part of kCTF vulnerability incentive program, the maximum bounty payouts for discovered Linux vulnerabilities are rising

Security
By Somya Agrawal

As part of Google’s open-source Kubernetes-based capture-the-flag (CTF) vulnerability incentives program (VRP), the maximum bounty payouts for discovered Linux vulnerabilities are rising. In order to provide security researchers with a method of disclosing vulnerabilities and being notified of them, Google Kubernetes Engine (GKE) released the vulnerability reporting tool kCTF in 2020. The maximum bounty payouts for Linux vulnerabilities are apparently once again under Google’s hands as part of its open-source, Kubernetes-based CTF vulnerability awards program (VRP).

Although every dependency of GKE is safeguarded, each flag that has been discovered so far has been a container breakout caused by a flaw in the Linux kernel. It has been noted that under the Linux kernel, detecting and exploiting heap memory corruption issues may be considerably more difficult. The internet giant has announced a brand-new set of mitigations that ought to make it harder to exploit the vast majority of previously known flaws and vulnerabilities and that these mitigations were implemented to stop cross-cache attacks, elastic objects, and free list corruption.

Security researchers can get up to $133,337 for major issues discovered as part of the kCTF thanks to these two prizes, each worth $21,000. Google also promises further compensation for vulnerabilities. to entice security researchers to discover methods around the mitigations added to the most recent Linux kernel and the newly updated mitigations.

The company has now disclosed that it is extending the increased incentive amounts—along with the additional $21,000 bonuses—it announced last year indefinitely. Following Google’s announcements of substantial bonuses for specific vulnerabilities, which more than doubled the base reward payouts in kCTF half a year ago, the new additional awards were introduced. Researchers may be eligible to collect $91,337 for exploits that match certain criteria, in addition to three $20,000 bonus prizes and the baseline reward of $31,337.

 

Readers like you help support The Tech Outlook. When you make a purchase using links on our site, we may earn an affiliate commission. We cannot guarantee the Product information shown is 100% accurate and we advise you to check the product listing on the original manufacturer website. Thetechoutlook is not responsible for price changes carried out by retailers. The discounted price or deal mentioned in this item was available at the time of writing and may be subject to time restrictions and/or limited unit availability. Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates Read More
Somya Agrawal 762 posts

Having an artistic mind, She likes to find her way through words and put her perspectives boldly. She is flexible and open to working under any circumstances and pressure.

You might also like
Crypto

WazirX Suffers $230 Million Cyberattack, Launches Bounty Programs for Recovery

Crypto

Major Security Breach At WazirX: $230 Million In Crypto Stolen by Hackers

Security

Call Records and Text From Nearly All Customers Were Hacked Through A Cloud Service:…

Security

Airtel Denies Data Breach Claims, Calls Allegations a Desperate Attempt to Tarnish…

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More