Securing open-source: how Google supports the new Kubernetes bug bounty


News category: IT Security News
Source: feedproxy.google.com



At Google, we care deeply about the security of open-source projects, as they're such a critical part of our infrastructure, and indeed everyone's. Today, the Cloud-Native Computing Foundation (CNCF) announced a new bug bounty program for Kubernetes that we helped create and get up and running. Here's a brief overview of the program, other ways we help secure open-source projects, and information on how you can get involved.

Launching the Kubernetes bug bounty program

Kubernetes is a CNCF project. As part of its graduation criteria, the CNCF recently funded the project's first security audit, to review its core areas and identify potential issues. The audit identified and addressed several previously unknown security issues. Thankfully, Kubernetes already had a Product Security Committee, including engineers from the Google Kubernetes Engine (GKE) security team, who respond to and patch any newly discovered bugs. But the job of securing an open-source project is never done. To increase awareness of Kubernetes' security model, attract new security researchers, and reward ongoing efforts in the community, the Kubernetes Product Security Committee began discussions in 2018 about launching an official bug bounty program.

Find Kubernetes bugs, get paid

What kind of bugs does the bounty program recognize? Most of the content you'd think of as 'core' Kubernetes, hosted at https://github.com/kubernetes, is in scope. We're interested in common kinds of security issues like remote code execution, privilege escalation, and bugs in authentication or authorization. Because Kubernetes is a community project, we're also interested in the Kubernetes supply chain, including build and release processes that might allow a malicious individual to gain unauthorized access to commits, or otherwise affect build artifacts. This is a bit different from your standard bug bounty, as there isn't a 'live' environment for you to test: Kubernetes can be configured in many different ways, and we're looking for bugs that affect any of those (except when existing configuration options could mitigate the bug). Thanks to the CNCF's ongoing support and funding of this new program, depending on the bug, you can be rewarded with a bounty anywhere from $100 to $10,000.

The bug bounty program has been in a private release for several months, with invited researchers submitting bugs to help us test the triage process. And today, the new Kubernetes bug bounty program is live! We're excited to see what kind of bugs you discover, and are ready to respond to new reports. You can learn more about the program and how to get involved here.

Dedicated to Kubernetes security

Google has been involved in this new Kubernetes bug bounty from the get-go: proposing the program, completing vendor evaluations, defining the initial scope, testing the process, and onboarding HackerOne to implement the bug bounty solution. Though this is a big effort, it's part of our ongoing commitment to securing Kubernetes. Google continues to be involved in every part of Kubernetes security, including responding to vulnerabilities as part of the Kubernetes Product Security Committee, chairing the sig-auth Kubernetes special interest group, and leading the aforementioned Kubernetes security audit. We realize that security is a critical part of any user's decision to use an open-source tool, so we dedicate resources to help ensure we're providing the best possible security for Kubernetes and GKE.

Although the Kubernetes bug bounty program is new, it isn't a novel strategy for Google. We have enjoyed a close relationship with the security research community for many years and, in 2010, Google established our own Vulnerability Rewards Program (VRP). The VRP provides rewards for vulnerabilities reported in GKE and virtually all other Google Cloud services. (If you find a bug in GKE that isn't specific to Kubernetes core, you should still report it to the Google VRP!) Nor is Kubernetes the only open-source project with a bug bounty program. In fact, we recently expanded our Patch Rewards program to provide financial rewards both upfront and after-the-fact for security improvements to open-source projects.

Help keep the world's infrastructure safe. Report a bug to the Kubernetes bug bounty, or a GKE bug to the Google VRP.
...


