Security: Google to pay up to $91,337 for exploits of new Linux and Kubernetes bugs

Google will pay between $20,000 and $91,337 to researchers who create exploits of vulnerabilities in the Linux kernel, the Kubernetes container management system, and Google Cloud’s Kubernetes Engine.

This builds on the three-month bounty Google introduced in November, where it tripled rewards for exploits against new and previously unknown Linux kernel bugs. The idea was that the crowd would uncover new kernel exploitation techniques, particularly for services running on Kubernetes in the cloud.

Researchers needed to show they could use the exploit for a given bug to compromise Google’s kCTF (Kubernetes Capture The Flag) cluster and obtain a ‘flag’ — a secret hidden in a program — within the context of a competition, which in this case was held on Google’s cluster.

Google considered the expanded program a success, and so it will extend it to at least the end of 2022. But it has also made a number of changes, covering rules, conditions and rewards.

First, the updated and extended program increases the maximum reward for a single exploit from $50,337 to $91,337.

On the success side of the existing trial, Google said it received nine submissions in the three months and paid out over

