Google makes good use of Linux across its platforms, especially when it comes to Android and its massive servers. Over the years, Google has been inclining more towards open-source projects and programs.
Recently, the tech giant sponsored $1 million to fund a security-focused open-source program run by The Linux Foundation, more details in our original coverage.
And, now, Google just tripled its bounty rewards for the next three months for security researchers working on finding kernel exploits that help achieve privilege escalation (i.e., when an attacker gains administrator access using a bug/flaw)
It’s no surprise that there will always be some form of bugs and flaws that plague the security and development of the kernel. Fortunately, hundreds of security researchers from various organizations and individuals-alike work to improve its state of security, which is why the vulnerabilities are not necessarily exploited in the wild.
Even though Google has a good track record of rewarding security researchers, it stepped up the game for the next three months by announcing a base reward of $30,377 to $50,377 as the upper limit.
Program Details and Rewards
The exploits can be responding to currently patched vulnerabilities, new unpatched vulnerabilities, and new techniques.
The base reward of $31,337 holds for exploiting publicly patched vulnerabilities that exploit privilege escalation. If it identifies unpatched vulnerabilities or new exploit techniques, the reward can go up to $50,337.
Moreover, this program also goes along with the Android VRP and Patch Reward programs. This means if the exploit works on Android, you can be eligible for rewards up to 250,000 USD in addition to this program.
You can read more about this on their official portal if you are curious about Android.
The hike in reward will be open for the next three months, that is, until January 31, 2022.
This program is an excellent initiative by Google. It is undoubtedly going to attract and benefit many security professionals and researchers alike.
Not to forget, the state of security for Linux Kernel should get the ultimate benefit.