Finally, the public grouses security researchers aired last year about being under-appreciated are being addressed by one major Kubernetes-driven empire.
Heard the latest buzz? Google is offering to almost double some of its payouts to people who find zero-day vulnerabilities and working exploits in the Linux kernel, Kubernetes, Google Kubernetes Engine (GKE), or kCTF.
Depending on severity, the reward now goes up to US$91,337, against a previous ceiling of US$50,337. At least one expert is not surprised by the generous offer: Google leverages Kubernetes (its own creation) to run its massive Cloud operations.
According to Boris Cipot, Senior Security Engineer at the Synopsys Software Integrity Group, increasing the incentives for security researchers to find critical vulnerabilities is a really good idea, since those findings eventually make the software used by Google and its customers safer.
“This is something that all organizations should strive for; it is never a bad idea to involve security experts in checking software before it is shipped to customers. Penetration tests, infrastructure checks or even development practices should be under constant testing and review to identify exploitable parts,” Cipot said.
Another reason could be that the company is paying heed to the dissatisfaction among security experts and white-hat hackers that their services were not being recognized and valued enough, a theme that rose to prominence last year in Twitter groups and certain forums.
“Bug bounty programs are a good thing as they lead to the identification of issues in software that might otherwise lead to critical data breaches. Therefore, the participants involved should be valued and paid accordingly. In the end, these individuals are saving organizations from losing not only their monetary assets, but also their name,” opined Cipot. According to Google’s ‘vulnerability matchmaker’ Eduardo Vela, the expanded rewards program will run until at least the end of 2022.