Starting today and for the next 3 months (until January 31 2022), we will pay 31,337 USD to security researchers that exploit privilege escalation in our lab environment with a patched vulnerability, and 50,337 USD to those that use a previously unpatched vulnerability, or a new exploit technique. We are constantly investing in the security of the Linux Kernel because much of the internet, and Googlefrom the devices in our pockets, to the services running on Kubernetes in the clouddepend on the security of it. We research its vulnerabilities and attacks, as well as study and develop its defenses. But we know that there is more work to do. Thats why we have decided to build on top of our kCTF VRP from last year and triple our previous reward amounts (for at least the next 3 months). Our base rewards for each publicly patched vulnerability is 31,337 USD (at most one exploit per vulnerability), but the reward can go up to 50,337 USD in two cases:
The mechanics are:
|