Google almost doubles Linux Kernel, Kubernetes zero-day rewards

Google says it bumped up rewards for reports of Linux Kernel, Kubernetes, Google Kubernetes Engine, or kCTF vulnerabilities by adding bigger bonuses for zero-day bugs and exploits using unique exploitation techniques.
"We increased our rewards because we recognized that in order to attract the attention of the community we needed to match our rewards to their expectations," Google Vulnerability Matchmaker Eduardo Vela explained.
While Google initially announced in November that reports of critical vulnerabilities would get rewards of up to $50,337 depending on their severity, it has now increased the maximum reward to $91,337.
As Google revealed in July 2021, since launching its first VRP over ten years ago, it has rewarded more than 2,000 security researchers from 84 different countries for reporting roughly 11,000 bugs.
All in all, Google said that researchers had earned over $29 million since January 2010, when the Chromium vulnerability reward program was launched.
In the Vulnerability Reward Program: 2021 Year in Review report published last week, the company said that it awarded a record-breaking $8,700,000 in rewards in 2021, including the highest payout in Android VRP history: a $157,000 exploit chain.