Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Google Offering Higher Bonuses for Cloud Platform Vulnerabilities

Google announced on Wednesday that it’s prepared to pay out an extra $313,337 for interesting Cloud Platform vulnerabilities submitted in 2020.

Google announced on Wednesday that it’s prepared to pay out an extra $313,337 for interesting Cloud Platform vulnerabilities submitted in 2020.

Researchers who find vulnerabilities in Google Cloud Platform (GCP) and disclose them through the company’s Vulnerability Reward Program (VRP) can earn up to $31,337.

However, last year Google announced that it would be offering an extra $100,000 for the most interesting vulnerabilities discovered in its cloud platform in an effort to encourage researchers to analyze it.

The GCP VRP prize for last year went to Wouter ter Maat, who discovered several Cloud Shell vulnerabilities.

For this year, the total GCP VRP prize amount has been increased to $313,337, which will be split among the six most interesting submissions. The first prize is $133,337, the second and third place get $73,331, fourth place receives $31,337, and the last two will be awarded $1,000 each.

“Like last year, submissions should have public write-ups in order to be eligible for the prize. The number of vulnerability reports in a single write-up is not a factor. You can even make multiple submissions, one for each write-up,” Harshvardan Sharma, information security engineer at Google, wrote in a blog post.

Researchers will have to nominate their vulnerabilities for the prize by filling out a form before January 1, 2021. White hat hackers interested in analyzing GCP products can sign up for a free tier.

Google reported in January that it paid out more than $6.5 million through its bug bounty programs in 2019, with a total of over $21 million since the launch of its first program in 2010.

Related: JavaScript Library Introduced XSS Flaw in Google Search

Related: Google Increases Bug Bounty Program Rewards

Related: Many New Security Features, Services Added to Google Cloud

Related: Google Cloud Platform Flaw Earns Researcher $5,000

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Vulnerabilities

Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.