The 2020 Google Cloud Platform vulnerability reporting bounty program has ended with six security researchers sharing $313,337 between them for their work in identifying security flaws in GCP over the past year, ZDNet reports. University student Ezequiel Pereira from Uruguay won a total of $164,674 for his subsequent reports on the discovery of a remote code execution vulnerability in the Google Cloud Deployment Manager. David Nechuta was awarded $73,331 for his discovery of a flaw that enables a server-side request forgery attack and subsequent authentication leak in Google Cloud Monitoring, in addition to the $31,000 he was awarded for his original report. Dylan Ayrey and Allison Donovan won the third prize, amounting to $73,331, for their article, “Fixing a Google Vulnerability,” which identified issues in the default permissions linked to some of the service accounts that GCP services use. Bastien Chatelard, Brad Geesaman and Chris Moberly also received rewards for their individual reports and write-ups.
Jill Aitoro is senior vice president of content strategy for CyberRisk Alliance. She has more than 20 years of experience editing and reporting on technology, business and policy. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.