Google has announced it is tripling its usual bug bounties for the Linux kernel for at least the next three months.
Bug bounties are an important part of many companies’ efforts to improve and secure their products. Researchers and white hat hackers are paid bounties for bugs they find, in exchange for giving the companies time to fix them before the bug is disclosed.
Although Google doesn’t own Linux, the operating system (OS) forms the backbone of much of the internet and cloud services, and serves as the basis for Google’s Android OS. As a result, Google has a vested interest in the core of Linux, the kernel, being as secure and bug-free as possible.
The company made the announcement in a blog post on Monday:
Starting today and for the next 3 months (until January 31 2022), we will pay 31,337 USD to security researchers that exploit privilege escalation in our lab environment with a patched vulnerability, and 50,337 USD to those that use a previously unpatched vulnerability, or a new exploit technique.