The initial value of the detected critical vulnerability is $ 2000.
Google has announced that is expanding its program payment of remuneration. From now on information security professionals can receive bonuses not only for identified vulnerabilities in Chrome and other products of Google, but for found gaps in the operating system Android devices Nexus.
The program, dubbed Android Security Rewards, was presented in London as part of the event Black Hat Mobile Summit. Information security expert John Larimer Android (Jon Larimer) reported that qualify for rewards may only discovered flaws in the devices 6 and Nexus Nexus 9. Experts say that the entire Android ecosystem will benefit from a new program paying rewards.
Financial Rewards for identifying critical vulnerability in Android could reach $ 40 thousand, if information security expert will describe in detail the error, compromising the system Android, will be able to play it without direct access to the device and will update, closing the issue.
High assessed vulnerability in the code Android Open Source Project (AOSP), in the core of Android, in TrustZone, in OEM libraries and drivers as well as exploits that bypass the memory protection, including ASLR, Android sandbox server NX. Google will also consider the vulnerability of non-source Android, for example, in firmware, which affect the security of the operating system.
The initial value of the detected critical vulnerability is $ 2000, breach a high degree of danger is estimated at $ 1000, and the errors of moderate severity – $ 500.
No comments:
Post a Comment