Security News > 2022 > February > Google almost doubles Linux Kernel, Kubernetes zero-day rewards
Google says it bumped up rewards for reports of Linux Kernel, Kubernetes, Google Kubernetes Engine, or kCTF vulnerabilities by adding bigger bonuses for zero-day bugs and exploits using unique exploitation techniques.
"We increased our rewards because we recognized that in order to attract the attention of the community we needed to match our rewards to their expectations," Google Vulnerability Matchmaker Eduardo Vela explained.
While initially announced in November that reports of critical vulnerabilities will get rewards of up to $50,337 depending on their severity, Google now increased the maximum reward to $91,337.
As Google revealed in July 2021, since launching its first VRP over ten years ago, it has rewarded more than 2,000 security researchers from 84 different countries for reporting roughly 11,000 bugs.
All in all, Google said that researchers had earned over $29 million since January 2010, when the Chromium vulnerability reward program was launched.
In the Vulnerability Reward Program: 2021 Year in Review report published last week, the company said that it awarded a record-breaking $8,700,000 in rewards in 2021, including the highest payout in Android VRP history: a $157,000 exploit chain.
News URL
Related news
- Google: 70% of exploited flaws disclosed in 2023 were zero-days (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Google fixes two Android zero-days used in targeted attacks (source)