Security News > 2020 > May > Google Adds GKE Open-Source Dependencies to Vulnerability Rewards Program
Google this week announced an expansion for its Vulnerability Rewards Program to include critical open-source dependencies of Google Kubernetes Engine.
The announcement builds on the bug bounty program for Kubernetes that the Cloud Native Computing Foundation, in partnership with Google and others, announced earlier this year, and which offers rewards of up to $10,000 for vulnerabilities in the project.
Google is now inviting bug hunters to find vulnerabilities in a lab environment that was set up on GKE based on kCTF, an open-source Kubernetes-based Capture-the-Flag project.
"Any vulnerabilities found outside of GKE should be reported to the corresponding upstream project security teams. To make this program expansion as efficient as possible for the maintainers, we will only reward vulnerabilities shown to be exploitable by stealing a flag," Google explains.
"By including the CTF infrastructure in the scope of the Google VRP, we want to incentivise the community to help us secure not just the CTF competitions that will use it, but also GKE and the broader Kubernetes ecosystems," Google notes.
News URL
Related news
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
- Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects (source)