Merge pull request #23729 from lujun9972/add-MjAyMTExMDMgR29vZ2xlIHRvIFBheSB1cCB0byAtNTAsMzM3IGZvciBFeHBsb2l0aW5nIExpbnV4IEtlcm5lbCBCdWdzLm1kCg==

Automatic topic selection[news]: 20211103 Google to Pay up to $50,337 for Exploiting Linux Kernel Bugs
Xingyu.Wang 2021-11-04 08:47:35 +08:00 committed by GitHub
commit df47ef9ed2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -0,0 +1,65 @@
[#]: subject: "Google to Pay up to $50,337 for Exploiting Linux Kernel Bugs"
[#]: via: "https://news.itsfoss.com/google-linux-kernel-bounty/"
[#]: author: "Rishabh Moharir https://news.itsfoss.com/author/rishabh/"
[#]: collector: "lujun9972"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Google to Pay up to $50,337 for Exploiting Linux Kernel Bugs
======
Google makes good use of Linux across its platforms, especially when it comes to Android and its massive servers. Over the years, Google has been inclining more towards open-source projects and programs.
Recently, the tech giant sponsored $1 million to fund a security-focused open-source program run by The Linux Foundation, more details in our [original coverage.][1]
And, now, Google just tripled its bounty rewards for the next three months for security researchers working on finding kernel exploits that help achieve privilege escalation (i.e., when an attacker gains administrator access using a bug/flaw)
Its no surprise that there will always be some form of bugs and flaws that plague the security and development of the kernel. Fortunately, hundreds of security researchers from various organizations and individuals-alike work to improve its state of security, which is why the vulnerabilities are not necessarily exploited in the wild.
Even though Google has a good track record of rewarding security researchers, it stepped up the game for the next three months by announcing a base reward of **$30,377 to $50,377** as the upper limit.
### Program Details and Rewards
The exploits can be responding to currently patched vulnerabilities, new unpatched vulnerabilities, and new techniques.
The base reward of **$31,337** holds for exploiting publicly patched vulnerabilities that exploit privilege escalation. If it identifies unpatched vulnerabilities or new exploit techniques, the reward can go up to **$50,337**.
Moreover, this program also goes along with the Android VRP and Patch Reward programs. This means if the exploit works on Android, you can be eligible for rewards up to 250,000 USD in addition to this program.
You can read more about this on their [official portal][2] if you are curious about Android.
The hike in reward will be open for the next three months, that is, until January 31, 2022.
Security researchers can go through their [official blog post][3] to set up the lab environment and read more about the requirements on their [official GitHub webpage.][4]
### Wrapping Up
This program is an excellent initiative by Google. It is undoubtedly going to attract and benefit many security professionals and researchers alike.
Not to forget, the state of security for Linux Kernel should get the ultimate benefit.
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/google-linux-kernel-bounty/
作者:[Rishabh Moharir][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/rishabh/
[b]: https://github.com/lujun9972
[1]: https://news.itsfoss.com/google-sos-sponsor/
[2]: https://bughunters.google.com/about/rules/6171833274204160
[3]: https://security.googleblog.com/2021/11/trick-treat-paying-leets-and-sweets-for.html
[4]: https://google.github.io/kctf/vrp
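
Review bot: The reward figures in the added article disagree with each other. The paragraph beginning "Even though Google has a good track record" gives the range as "$30,377 to $50,377", while the title and the "Program Details and Rewards" section give $31,337 and $50,337. Check the amounts against the original at the `via` URL and make them consistent before this goes to a translator. Separately, the block from "#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!" through "I'm not interested" is donation-widget text scraped from the site, not article content, and should be dropped from the source file so it is not translated.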