Google has kicked off a special three-month bug bounty targeting flaws in the Linux kernel with triple the rewards for security researchers.
The new bounty, announced this week, looks to harden the Linux kernel in specific edge cases. It’s offering up to $31,337 (Leet) to security researchers who can exploit privilege escalation in Google’s lab environment with a patched vulnerability; and $50,337 for anyone who can finds a previously undisclosed or zero-day flaw, or for discovering a new exploit technique.
“We are constantly investing in the security of the Linux Kernel because much of the internet, and Google – from the devices in our pockets, to the services running on Kubernetes in the cloud – depend on the security of it,” said Eduardo Vela from the Google Bug Hunters Team.
The Linux kernel — hatched as a hobby by Linus Torvalds in Helsinki 30 years ago — now powers most of the top websites and internet infrastructure, from AWS to Microsoft Azure, Google, Facebook and Wikipedia.
Google’s base rewards for each publicly patched vulnerability is $31,337, capped at one