Google has increased the rewards for finding vulnerabilities in the Linux kernel and Kubernetes.

Google has announced an expansion of its cash reward program for identifying security issues in the Linux kernel, the Kubernetes container orchestration platform, Google Kubernetes Engine (GKE), and the kCTF (Kubernetes Capture the Flag) vulnerability competition environment.

The reward program includes additional bonus payments of $20 for 0-day vulnerabilities, for exploits that do not require support for user namespaces, and for demonstrating new exploitation techniques. The base payment for demonstrating a working exploit in kCTF is $31337 (the base payment goes to the first participant to demonstrate a working exploit, but bonus payments can be applied to subsequent exploits for the same vulnerability).

Overall, taking the bonuses into account, the maximum reward for a 1-day exploit (problems identified by analyzing bug fixes in the code base that are not explicitly marked as vulnerabilities) can reach $71337 (previously $31337), and for a 0-day exploit (problems for which no fix exists yet) $91337 (previously $50337). The payment program will run until December 31, 2022.

It is noted that over the past three months Google has processed 9 submissions with information about vulnerabilities, for which 175 thousand dollars was paid out. The participating researchers prepared five exploits for 0-day vulnerabilities and two for 1-day vulnerabilities. For three problems already fixed in the Linux kernel (CVE-2021-4154 in cgroup-v1, CVE-2021-22600 in af_packet and CVE-2022-0185 in VFS), the details have been publicly disclosed (these problems had already been identified by Syzkaller, and fixes were added to the kernel after two breakages).

source: budenet.ru
