One Article Review

Home - The article:
Source GoogleSec
Identifier 8345378
Publication date 2023-06-14 11:59:49 (seen: 2023-06-14 17:06:10)
Title Learnings from kCTF VRP's 42 Linux kernel exploits submissions
Text Tamás Koczka, Security Engineer. In 2020, we integrated kCTF into Google's Vulnerability Rewards Program (VRP) to support researchers evaluating the security of Google Kubernetes Engine (GKE) and the underlying Linux kernel. As the Linux kernel is a key component not just for Google, but for the Internet, we started heavily investing in this area. We extended the VRP's scope and maximum reward in 2021 (to $50k), then again in February 2022 (to $91k), and finally in August 2022 (to $133k). In 2022, we also summarized our learnings to date in our cookbook, and introduced our experimental mitigations for the most common exploitation techniques. In this post, we'd like to share our learnings and statistics about the latest Linux kernel exploit submissions, how effective our
Sent Yes
Tags Vulnerability
Stories Uber
Rating ★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.