Bug bounty program: Security researchers to torment Google's cloud
Security researchers can now test Google's cloud services for security and earn cash rewards if they are successful.
Google has launched a new bug bounty program to improve the security of its cloud services. Security researchers can receive up to 100,000 US dollars for discovering a security vulnerability. This is according to a recent article.
General conditions
The aim is to discover security vulnerabilities before attackers do and to close them. Google states that security researchers can now scrutinize more than 150 cloud services that process sensitive user data. These include services such as Cloud Scheduler, Looker and Vertex AI.
Google has compiled the rules of the game for the bug bounty program in an article. Security researchers are only entitled to a cash reward if they adhere to these rules. For example, attacks through security vulnerabilities in outdated browser plug-ins do not count.
Examples of cash rewards
If a report by a security researcher meets the requirements and discovers a malicious code vulnerability in a cloud product at Tier 1, the maximum reward is USD 101,010. The quality of a report on a vulnerability also influences the amount of money awarded. Above all, a comprehensible description is important so that the Google technicians can reproduce the bug. Security researchers submit information on vulnerabilities via an online form.
There are separate bug bounty programs for other Google products such as Android and Chrome. Anyone who breaks out of the Android hypervisor, for example, can collect a maximum of 250,000 dollars. According to Google, it paid out ten million dollars to security researchers for finding software vulnerabilities in 2023.
(des)