As part of the kCTF vulnerability incentive program, the maximum bounty payouts for discovered Linux vulnerabilities are rising

As part of Google’s open-source Kubernetes-based capture-the-flag (CTF) vulnerability incentives program (VRP), the maximum bounty payouts for discovered Linux vulnerabilities are rising. In order to provide security researchers with a method of disclosing vulnerabilities and being notified of them, Google Kubernetes Engine (GKE) released the vulnerability reporting tool kCTF in 2020. The maximum bounty payouts for Linux vulnerabilities are apparently once again in Google’s hands as part of its open-source, Kubernetes-based CTF vulnerability awards program (VRP).

Although every dependency of GKE is safeguarded, each flag that has been discovered so far has been a container breakout caused by a flaw in the Linux kernel. It has been noted that under the Linux kernel, detecting and exploiting heap memory corruption issues may be considerably more difficult. The internet giant has announced a brand-new set of mitigations that ought to make it harder to exploit the vast majority of previously known flaws and vulnerabilities. These mitigations were implemented to stop cross-cache attacks, elastic objects, and free list corruption.

Security researchers can get up to $133,337 for major issues discovered as part of the kCTF thanks to these two prizes, each worth $21,000. Google also promises further compensation for vulnerabilities, to entice security researchers to discover methods around the mitigations added to the most recent Linux kernel and the newly updated mitigations.

The company has now disclosed that it is indefinitely extending the increased incentive amounts it announced last year, along with the additional $21,000 bonuses. The new additional awards were introduced following Google’s announcements of substantial bonuses for specific vulnerabilities, which more than doubled the base reward payouts in kCTF half a year ago. Researchers may be eligible to collect $91,337 for exploits that match certain criteria, in addition to three $20,000 bonus prizes and the baseline reward of $31,337.
