mirror of
https://github.com/LCTT/TranslateProject.git
synced 2024-12-26 21:30:55 +08:00
Merge pull request #23752 from wxy/20211103-Google-to-Pay-up-to--50,337-for-Exploiting-Linux-Kernel-Bugs
TSL&PRF:sources/news/20211103 Google to Pay up to -50,337 for Exploiting Linux Kernel Bugs.md
This commit is contained in:
commit
67aef6a090
@ -1,69 +0,0 @@
|
||||
[#]: subject: "Google to Pay up to $50,337 for Exploiting Linux Kernel Bugs"
|
||||
[#]: via: "https://news.itsfoss.com/google-linux-kernel-bounty/"
|
||||
[#]: author: "Rishabh Moharir https://news.itsfoss.com/author/rishabh/"
|
||||
[#]: collector: "lujun9972"
|
||||
[#]: translator: "wxy"
|
||||
[#]: reviewer: " "
|
||||
[#]: publisher: " "
|
||||
[#]: url: " "
|
||||
|
||||
谷歌奖励攻破 Linux 内核的安全专家多达 5 万美元
|
||||
======
|
||||
|
||||
> 成功击破内核实现提权的安全研究人员将获得 31,337 美元至 50,337 美元的奖金。
|
||||
|
||||
![](https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/11/google-linux-kernel-bounty-ft.jpg?w=1200&ssl=1)
|
||||
|
||||
Google makes good use of Linux across its platforms, especially when it comes to Android and its massive servers. Over the years, Google has been inclining more towards open-source projects and programs.
|
||||
|
||||
Recently, the tech giant sponsored $1 million to fund a security-focused open-source program run by The Linux Foundation, more details in our [original coverage.][1]
|
||||
|
||||
And, now, Google just tripled its bounty rewards for the next three months for security researchers working on finding kernel exploits that help achieve privilege escalation (i.e., when an attacker gains administrator access using a bug/flaw)
|
||||
|
||||
It’s no surprise that there will always be some form of bugs and flaws that plague the security and development of the kernel. Fortunately, hundreds of security researchers from various organizations and individuals-alike work to improve its state of security, which is why the vulnerabilities are not necessarily exploited in the wild.
|
||||
|
||||
Even though Google has a good track record of rewarding security researchers, it stepped up the game for the next three months by announcing a base reward of **$30,377 to $50,377** as the upper limit.
|
||||
|
||||
### Program Details and Rewards
|
||||
|
||||
The exploits can be responding to currently patched vulnerabilities, new unpatched vulnerabilities, and new techniques.
|
||||
|
||||
The base reward of **$31,337** holds for exploiting publicly patched vulnerabilities that exploit privilege escalation. If it identifies unpatched vulnerabilities or new exploit techniques, the reward can go up to **$50,337**.
|
||||
|
||||
Moreover, this program also goes along with the Android VRP and Patch Reward programs. This means if the exploit works on Android, you can be eligible for rewards up to 250,000 USD in addition to this program.
|
||||
|
||||
You can read more about this on their [official portal][2] if you are curious about Android.
|
||||
|
||||
The hike in reward will be open for the next three months, that is, until January 31, 2022.
|
||||
|
||||
Security researchers can go through their [official blog post][3] to set up the lab environment and read more about the requirements on their [official GitHub webpage.][4]
|
||||
|
||||
### Wrapping Up
|
||||
|
||||
This program is an excellent initiative by Google. It is undoubtedly going to attract and benefit many security professionals and researchers alike.
|
||||
|
||||
Not to forget, the state of security for Linux Kernel should get the ultimate benefit.
|
||||
|
||||
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
|
||||
|
||||
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
|
||||
|
||||
I'm not interested
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://news.itsfoss.com/google-linux-kernel-bounty/
|
||||
|
||||
作者:[Rishabh Moharir][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://news.itsfoss.com/author/rishabh/
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://news.itsfoss.com/google-sos-sponsor/
|
||||
[2]: https://bughunters.google.com/about/rules/6171833274204160
|
||||
[3]: https://security.googleblog.com/2021/11/trick-treat-paying-leets-and-sweets-for.html
|
||||
[4]: https://google.github.io/kctf/vrp
|
@ -0,0 +1,63 @@
|
||||
[#]: subject: "Google to Pay up to $50,337 for Exploiting Linux Kernel Bugs"
|
||||
[#]: via: "https://news.itsfoss.com/google-linux-kernel-bounty/"
|
||||
[#]: author: "Rishabh Moharir https://news.itsfoss.com/author/rishabh/"
|
||||
[#]: collector: "lujun9972"
|
||||
[#]: translator: "wxy"
|
||||
[#]: reviewer: " "
|
||||
[#]: publisher: " "
|
||||
[#]: url: " "
|
||||
|
||||
多达 5 万美元,谷歌将奖励利用 Linux 内核提权的安全专家
|
||||
======
|
||||
|
||||
> 成功利用内核漏洞以实现提权的安全研究人员将获得 31,337 美元至 50,337 美元的奖金。
|
||||
|
||||
![](https://i2.wp.com/news.itsfoss.com/wp-content/uploads/2021/11/google-linux-kernel-bounty-ft.jpg?w=1200&ssl=1)
|
||||
|
||||
谷歌的平台大量使用了 Linux,尤其是在安卓及其庞大的服务器方面。多年来,谷歌一直青睐开源项目和计划。
|
||||
|
||||
最近,这家科技巨头赞助了 100 万美元,用于资助 Linux 基金会开展的一个以安全为重点的开源项目,更多细节参见我们 [原来的报道][1]。
|
||||
|
||||
而现在,谷歌将在未来三个月内将赏金奖励增加两倍,以奖励那些致力于寻找有助于实现提权(即,当攻击者利用一个错误/缺陷获得管理员权限)的内核漏洞的安全研究人员。
|
||||
|
||||
毫无疑问,总会有某种形式的错误和缺陷困扰着内核的安全和开发。幸运的是,来自各个组织和个人的数百名安全研究人员致力于改善其安全状态,这就是为什么这些漏洞不一定会在野外被利用。
|
||||
|
||||
谷歌在奖励安全研究人员方面有着良好的记录,但它在接下来的三个月里加大了力度,宣布了 **31,377 美元的基本奖励,最高可达 50,377 美元。
|
||||
|
||||
### 计划细节和奖励
|
||||
|
||||
这些漏洞利用可以针对目前已修补的漏洞和未修补的新漏洞,以及采用新的技术。
|
||||
|
||||
**$31,337** 的基本奖励用于利用已公开了补丁的漏洞进行提权的技术。如果发现未修补的漏洞或新的利用技术,奖励可高达 **$50,337**。
|
||||
|
||||
此外,该计划还可以与 Android VRP 和“补丁奖励”计划一起使用。这意味着,如果该漏洞在安卓系统上发挥作用,除了这个计划之外,你还可以获得高达 25 万美元的奖励。
|
||||
|
||||
如果你希望了解更多关于安卓系统的信息,你可以在他们的 [官方门户网站][2] 上了解。
|
||||
|
||||
增加的奖励将在未来三个月内开放,也就是说,直到 2022 年 1 月 31 日。
|
||||
|
||||
安全研究人员可以通过他们的 [官方博文][3] 来设置实验室环境,并在他们的 [GitHub 官方网页][4] 上阅读更多关于要求的内容。
|
||||
|
||||
### 总结
|
||||
|
||||
这项计划是谷歌的一项出色的举措。毫无疑问,它将吸引并惠及许多安全专家和研究人员。
|
||||
|
||||
不要忘记,Linux 内核的安全状况将最终受益。
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://news.itsfoss.com/google-linux-kernel-bounty/
|
||||
|
||||
作者:[Rishabh Moharir][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[wxy](https://github.com/wxy)
|
||||
校对:[wxy](https://github.com/wxy)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://news.itsfoss.com/author/rishabh/
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://news.itsfoss.com/google-sos-sponsor/
|
||||
[2]: https://bughunters.google.com/about/rules/6171833274204160
|
||||
[3]: https://security.googleblog.com/2021/11/trick-treat-paying-leets-and-sweets-for.html
|
||||
[4]: https://google.github.io/kctf/vrp
|
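Review bot: the reward figures in the added line "宣布了 **31,377 美元的基本奖励,最高可达 50,377 美元。" disagree with the rest of the file, which gives 31,337 and 50,337 in the summary line and again under "计划细节和奖励", and $50,337 in the subject header. The removed source has the same mismatch ("$30,377 to $50,377" in the intro against "$31,337" and "$50,337" in the details section), so the translation should use the figures the rest of the file agrees on, 31,337 and 50,337, instead of carrying the slip over. That same line opens a `**` that is never closed, so the emphasis will not render; close it after the amount meant to be bold. Separately, the header still has `reviewer: " "` while the footer credits wxy under 校对, so the header field should be filled to match.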