Daily Tech News, Interviews, Reviews and Updates

As a part of kCTF vulnerability incentive program, the maximum bounty payouts for discovered Linux vulnerabilities are rising

As part of Google’s open-source Kubernetes-based capture-the-flag (CTF) vulnerability incentives program (VRP), the maximum bounty payouts for discovered Linux vulnerabilities are rising. In order to provide security researchers with a method of disclosing vulnerabilities and being notified of them, Google Kubernetes Engine (GKE) released the vulnerability reporting tool kCTF in 2020. The maximum bounty payouts for Linux vulnerabilities are apparently once again under Google’s hands as part of its open-source, Kubernetes-based CTF vulnerability awards program (VRP).

Although every dependency of GKE is safeguarded, each flag that has been discovered so far has been a container breakout caused by a flaw in the Linux kernel. It has been noted that under the Linux kernel, detecting and exploiting heap memory corruption issues may be considerably more difficult. The internet giant has announced a brand-new set of mitigations that ought to make it harder to exploit the vast majority of previously known flaws and vulnerabilities and that these mitigations were implemented to stop cross-cache attacks, elastic objects, and free list corruption.

Security researchers can get up to $133,337 for major issues discovered as part of the kCTF thanks to these two prizes, each worth $21,000. Google also promises further compensation for vulnerabilities. to entice security researchers to discover methods around the mitigations added to the most recent Linux kernel and the newly updated mitigations.

The company has now disclosed that it is extending the increased incentive amounts—along with the additional $21,000 bonuses—it announced last year indefinitely. Following Google’s announcements of substantial bonuses for specific vulnerabilities, which more than doubled the base reward payouts in kCTF half a year ago, the new additional awards were introduced. Researchers may be eligible to collect $91,337 for exploits that match certain criteria, in addition to three $20,000 bonus prizes and the baseline reward of $31,337.


Readers like you help support The Tech Outlook. When you make a purchase using links on our site, we may earn an affiliate commission. We cannot guarantee the Product information shown is 100% accurate and we advise you to check the product listing on the original manufacturer website. Thetechoutlook is not responsible for price changes carried out by retailers. The discounted price or deal mentioned in this item was available at the time of writing and may be subject to time restrictions and/or limited unit availability. Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates Read More
You might also like

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More