Google Rewards Student $36,000 for App Engine Flaw

A young cybersecurity researcher from Uruguay’s University of the Republic was recently awarded $$36,337 by Google for discovering a critical remote code execution (RCE) bug in Google App Engine (GAE), a framework and cloud platform for hosting and development of web applications in Google data centers.

The researcher said that he was able gain access to the staging and test GAE deployment environments, which standard users are restricted from accessing.

Upon receiving the bug report, Google asked the researcher to stop exploring further bugs as it could break the system, and awarded him $31,337 for the RCE bug, and an extra $5000 for a lesser one.

Source: ZDNet

Post a Comment