Google launches $250,000 bug bounty, this time targeting KVM, a virtual machine element

4 months ago 39
BOOK THIS SPACE FOR AD
ARTICLE AD

RICH CHOI

Summary: According to Security Dining Hackread, Google has launched a new bug bounty program worth $250,000. The place to look for bugs is KVM, which is a key part of virtual machine technology. The name of Google’s newly launched bug bounty program is kvmCTF, and the reward is $10,000 to $50,000 for a memory read vulnerability, $20,000 for a DDoS vulnerability, $50,000 to $100,000 for a memory write, and $250,000 for a virtual machine escape. You can win a dollar prize.

start

Entered: 2024–07–03 12:25 Send to Facebook Send to Twitter Send to Naver Band Send to Kakao Story Send to Naver Blog

Summary: According to Security Dining Hackread, Google has launched a new bug bounty program worth $250,000. The place to look for bugs is KVM, which is a key part of virtual machine technology. The name of Google’s newly launched bug bounty program is kvmCTF, and the reward is $10,000 to $50,000 for a memory read vulnerability, $20,000 for a DDoS vulnerability, $50,000 to $100,000 for a memory write, and $250,000 for a virtual machine escape. You can win a dollar prize.

Background: KVM is an open source hypervisor and is known to have a large number of users. It allows you to create and operate multiple virtual machines with one system. If the attacker succeeds in escaping here, he or she will be able to infiltrate multiple virtual machine environments and steal a lot of sensitive information.

Remarks: “Recently, hackers’ interest in virtual machine hypervisors and open source has increased dramatically. Therefore, to better protect users, we started a bug bounty with a large prize money.” -google-

=======================

Bug Bounty, also known as the Vulnerability Reward Program (VRP), is a program that provides a reward or other compensation to the security researcher who hacks a company’s service, software or IT infrastructure, discovers a security vulnerability, and first reports it. This is a crowdsourced penetration testing program.

Read Entire Article