One Article Review
| Source |  GoogleSec |
|---|---|
| Identifiant | 8392241 |
| Date de publication | 2023-10-06 10:21:05 (vue: 2023-10-06 15:08:02) |
| Titre | Élargir notre programme de récompense d'exploitation à Chrome et à Cloud Expanding our exploit reward program to Chrome and Cloud |
| Texte | Stephen Roettger and Marios Pomonis, Google Software EngineersIn 2020, we launched a novel format for our vulnerability reward program (VRP) with the kCTF VRP and its continuation kernelCTF. For the first time, security researchers could get bounties for n-day exploits even if they didn\'t find the vulnerability themselves. This format proved valuable in improving our understanding of the most widely exploited parts of the linux kernel. Its success motivated us to expand it to new areas and we\'re now excited to announce that we\'re extending it to two new targets: v8CTF and kvmCTF.Today, we\'re launching v8CTF, a CTF focused on V8, the JavaScript engine that powers Chrome. kvmCTF is an upcoming CTF focused on Kernel-based Virtual Machine (KVM) that will be released later in the year.As with kernelCTF, we will be paying bounties for successful exploits against these platforms, n-days included. This is on top of any existing rewards for the vulnerabilities themselves. For example, if you find a vulnerability in V8 and then write an exploit for it, it can be eligible under both the Chrome VRP and the v8CTF.We\'re always looking for ways to improve the security posture of our products, and we want to learn from the security community to understand how they will approach this challenge. If you\'re successful, you\'ll not only earn a reward, but you\'ll also help us make our products more secure for everyone. This is also a good opportunity to learn about technologies and gain hands-on experience exploiting them.Besides learning about exploitation techniques, we\'ll also leverage this program to experiment with new mitigation ideas and see how they perform against real-world exploits. For mitigations, it\'s crucial to assess their effectiveness early on in the process, and you can help us battle test them.How do I participate? |
| Envoyé | Oui |
| Condensat | 2020 about against also always announce any apply approach are areas assess based battle besides both bounties but can challenge check chrome cloud community contains continuation could crucial ctf date day days deployed didn doesn early earn effectiveness eligible engine engineersin even everyone example excited existing expand expanding experience experiment exploit exploitation exploited exploiting exploits extending filling find first flag focused form format forward from gain get good google grab hands have help how ideas identified improve improving included information its javascript kctf kernel kernelctf kvm kvmctf later launched launching learn learning leverage limits linked linux looking machine make marios mitigation mitigations more most motivated new not novel now once only opportunity out page participate parts paying perform platforms pomonis posture powers present process products program proved real released researchers restrictions reward rewards roettger rules secure security see seeing send software stephen success successful sure take targets: techniques technologies test them themselves then these time today top two types under understand understanding upcoming v8ctf valuable version virtual vrp vulnerabilities vulnerability want ways well what widely will world write year you |
| Tags | Vulnerability Cloud |
| Stories | |
| Notes | ★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.