Security Blog
The latest news and insights from Google on security and safety on the Internet
Awarding Google Cloud Vulnerability Research
8 de agosto de 2019
Posted by Felix Groebert, Information Security Engineering
Today, we’re excited to announce a yearly Google Cloud Platform (GCP) VRP Prize to promote security research of GCP. A prize of $100,000.00 will be paid to the reporter of the best vulnerability affecting GCP reported through our Vulnerability Reward Program (
g.co/vulnz
) and having a public write-up (nominations will be received
here
).
We’ve received vulnerability reports for various application security flaws in GCP over the years, but we felt research of our Cloud platform has been under-represented in our Vulnerability Reward Program. So, with the GCP VRP Prize, we hope to encourage even more researchers to focus on GCP products and help us identify even more security vulnerabilities.
Note that we will continue to pay hundreds of thousands of dollars to our top bug hunters through our
Vulnerability Research Grants Program
even when no bugs are found, and to reward
up to tens of thousands of dollars per bug
to the most impactful findings. This prize is meant to create an additional incentive for more people to focus on public, open security research on GCP who would otherwise not participate in the reward program.
This competition draws on our previous contests, such as
Pwnium
and the
Project Zero Prize
, and rather than focusing bug hunters on collecting vulnerabilities for complex bug chains, we are attempting a slightly different twist and selecting a single winner out of all vulnerabilities we receive. That said, this approach comes with its own challenges, such as: defining the right incentives for bug hunters (both in terms of research as well as their communications with our team when reporting vulnerabilities); or ensuring there are no conflicting incentives, either when our own team is looking for similar vulnerabilities (since we aren't eligible for collecting the prize).
For the rest of the year, we will be seeking feedback from our top bug hunters and the security community to help define what vulnerabilities are the most significant, and we hope we can work together to find the best way to incentivize, recognize, and reward open security research. To further incentivize research in 2019, we will be issuing GCP VRP grants summing up to $100,000 to our top 2018 researchers.
Head over
here
for the full details on the contest. Note that if you have budget constraints for access to testing environments, you can use the
free tier of GCP
.
We look forward to our Vulnerability Rewards Programs resulting in even more GCP customer protection in the following years thanks to the hard work of the security research community. Follow us on @GoogleVRP.
No hay comentarios :
Publicar un comentario
Etiquetas
#sharethemicincyber
#supplychain #security #opensource
android
android security
android tr
app security
big data
biometrics
blackhat
C++
chrome
chrome enterprise
chrome security
connected devices
CTF
diversity
encryption
federated learning
fuzzing
Gboard
google play
google play protect
hacking
interoperability
iot security
kubernetes
linux kernel
memory safety
Open Source
pha family highlights
pixel
privacy
private compute core
Rowhammer
rust
Security
security rewards program
sigstore
spyware
supply chain
targeted spyware
tensor
Titan M2
VDP
vulnerabilities
workshop
Archive
2024
nov
oct
sept
ago
jul
jun
may
abr
mar
feb
ene
2023
dic
nov
oct
sept
ago
jul
jun
may
abr
mar
feb
ene
2022
dic
nov
oct
sept
ago
jul
jun
may
abr
mar
feb
ene
2021
dic
nov
oct
sept
ago
jul
jun
may
abr
mar
feb
ene
2020
dic
nov
oct
sept
ago
jul
jun
may
abr
mar
feb
ene
2019
dic
nov
oct
sept
ago
jul
jun
may
abr
mar
feb
ene
2018
dic
nov
oct
sept
ago
jul
jun
may
abr
mar
feb
ene
2017
dic
nov
oct
sept
jul
jun
may
abr
mar
feb
ene
2016
dic
nov
oct
sept
ago
jul
jun
may
abr
mar
feb
ene
2015
dic
nov
oct
sept
ago
jul
jun
may
abr
mar
feb
ene
2014
dic
nov
oct
sept
ago
jul
jun
abr
mar
feb
ene
2013
dic
nov
oct
ago
jun
may
abr
mar
feb
ene
2012
dic
sept
ago
jun
may
abr
mar
feb
ene
2011
dic
nov
oct
sept
ago
jul
jun
may
abr
mar
feb
2010
nov
oct
sept
ago
jul
may
abr
mar
2009
nov
oct
ago
jul
jun
mar
2008
dic
nov
oct
ago
jul
may
feb
2007
nov
oct
sept
jul
jun
may
Feed
Follow @google
Follow
Give us feedback in our
Product Forums
.
No hay comentarios :
Publicar un comentario