Bug Bounties, Cloud Security, Cloud Security, Vulnerability Management

Google Cloud: Here are the six ‘best’ vulnerabilities security researchers found last year

Share

The 2020 Google Cloud Platform vulnerability reporting bounty program has ended with six security researchers sharing $313,337 between them for their work in identifying security flaws in GCP over the past year, ZDNet reports. University student Ezequiel Pereira from Uruguay won a total of $164,674 for his subsequent reports on the discovery of a remote code execution vulnerability in the Google Cloud Deployment Manager. David Nechuta was awarded $73,331 for his discovery of a flaw that enables a server-side request forgery attack and subsequent authentication leak in Google Cloud Monitoring, in addition to the $31,000 he was awarded for his original report. Dylan Ayrey and Allison Donovan won the third prize, amounting to $73,331, for their article, “Fixing a Google Vulnerability,” which identified issues in the default permissions linked to some of the service accounts that GCP services use. Bastien Chatelard, Brad Geesaman and Chris Moberly also received rewards for their individual reports and write-ups.

An In-Depth Guide to Cloud Security

Get essential knowledge and practical strategies to fortify your cloud security.
Jill Aitoro

Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She 20 years of experience editing and reporting on technology, business and policy.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.