Google has announced prize money of $313,337 to be distributed among six security researchers who won the bug bounty program of 2020 Google Cloud Platform (GCP). Thus, with the latest announcement, the tech giant has kept its word for rewarding security researchers who found exceptional vulnerabilities on its GCP.
The first among the recipients to receive the money will be a researcher named Ezequiel Pereira, a University Student and security enthusiast who found susceptibility in the remote execution code of GCP Manager.
As per the sources, Pereira submitted a report on the vulnerability last year and received $31,000 at that time. And since the analysis was reaffirmed, the lucky guy was again rewarded with prize money of $133,337 taking the total rewarding count to $164,674 for just one bug revelation.
“Mr. Pereira discovered a bug that allowed him to make requests to Google’s internal servers and authenticated the access as privileged”, said Sharma, an Information Security Engineer at Google. He added that the request made was a server request forgery attack and so he received an award for the identification of the security flaw.
A $73,000 was awarded to David Nechuta as a 2nd prize for discovering a bug of a similar sort that attacked the service uptime feature.
An equivalent amount was also received by two security engineers Dylan Ayrey and Allison Donovan as a 3rd prize for write up to Google vulnerability.
Note- Tech companies often indulge in rewarding programs to take a note of vulnerabilities in their products and services from time to time and Apple was the first to start this culture followed by IBM, Amazon and Google on a respective note.