Google has updated its open-source Kubernetes-based capture-the-flag vulnerability rewards program to increase the maximum payouts for reported Linux security bugs, reports SecurityWeek.
Security researchers who are able to break the mitigations Google added to combat out-of-bounds writes on slab, cross-cache attacks, freelist corruption, and elastic objects, as well as report new flaws in the latest Linux kernel, will be given $21,000 in new bonuses, with total earnings from reported critical flaws as part of kCTF potentially reaching $133,337.
Google's bolstered bounty program comes six months after kCTF base bounty payouts were increased nearly twofold. Certain vulnerabilities have also been given high bonuses, with researchers being able to earn up to $91,337 for some exploits. Elevated reward amounts unveiled last year have also been extended indefinitely, according to Google.
"We hope this will allow us to learn more about how hard (or easy) it is to bypass our experimental mitigations," said Google.