The 2020 Google Cloud Platform vulnerability reporting bounty program has ended with six security researchers sharing $313,337 between them for their work in identifying security flaws in GCP over the past year, ZDNet reports. University student Ezequiel Pereira from Uruguay won a total of $164,674 for his subsequent reports on the discovery of a remote code execution vulnerability in the Google Cloud Deployment Manager. David Nechuta was awarded $73,331 for his discovery of a flaw that enables a server-side request forgery attack and subsequent authentication leak in Google Cloud Monitoring, in addition to the $31,000 he was awarded for his original report. Dylan Ayrey and Allison Donovan won the third prize, amounting to $73,331, for their article, “Fixing a Google Vulnerability,” which identified issues in the default permissions linked to some of the service accounts that GCP services use. Bastien Chatelard, Brad Geesaman and Chris Moberly also received rewards for their individual reports and write-ups.
Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She has 20 years of experience editing and reporting on technology, business and policy.
Higher rewards of up to $250,000 will be given by Google for the discovery of memory corruption flaws in the Chrome browser shown to achieve remote code execution using a non-sandboxed process as part of a more robust vulnerability reward program.
While additional submissions would no longer be accepted by Aug. 31, Google noted that triaging of reports provided before then will be completed by Sept. 15, with rewards to be decided upon before the end of September.