The 2020 Google Cloud Platform vulnerability reporting bounty program has ended with six security researchers sharing $313,337 between them for their work in identifying security flaws in GCP over the past year, ZDNet
reports. University student Ezequiel Pereira from Uruguay won a total of $164,674 for his subsequent reports on the discovery of a remote code execution vulnerability in the Google Cloud Deployment Manager. David Nechuta was awarded $73,331 for his discovery of a flaw that enables a server-side request forgery attack and subsequent authentication leak in Google Cloud Monitoring, in addition to the $31,000 he was awarded for his original report. Dylan Ayrey and Allison Donovan won the third prize, amounting to $73,331, for their article, “Fixing a Google Vulnerability,” which identified issues in the default permissions linked to some of the service accounts that GCP services use. Bastien Chatelard, Brad Geesaman and Chris Moberly also received rewards for their individual reports and write-ups.