Google on Monday announced that it will pay security researchers to find exploits using vulnerabilities, previously remediated or otherwise, over the next three months as part of a new bug bounty program to strengthen the security of the Linux kernel.
To that end, the company is expected to issue rewards worth $31,337 for exploiting privilege escalation in a lab environment for each patched vulnerability, an amount that can climb up to $50,337 for working exploits that take advantage of zero-day flaws in the kernel and other undocumented attack techniques.
Specifically, the program aims to uncover attacks that could be launched against Kubernetes-based infrastructure to defeat process isolation barriers (via NSJail) and break out of the sandbox to leak secret information.
The program is expected to last until January 31, 2022.
“It is very important to note that the perfect exploitation primitives are not available in our lab environment because of the hardening done on Container-Optimized OS,” Eduardo Vela of the Google Bug Hunters Team said.
The rewards program also exists in conjunction with Android’s VRP rewards, allowing researchers to demonstrate exploits that work on the mobile operating system, which could be eligible for up to $250,000 in bug bounties. Further details about the contest can be found here.