May 18, 2012

Google Again Pays for a Discovered Vulnerability

Not so long ago a vulnerability was discovered in one of Google’s services, which would have allowed an attacker to perform a remote command execution on the target system; for example, download and run programs, read and modify files, or retrieve data from the DBMS. This vulnerability was discovered by an expert of Positive Research, Dmitry Serebryannikov, and was eliminated by the joint efforts of experts of the research center and the Google Security Team. The work done has been featured by the Google team as part of their Vulnerability Reward Program, and rewarded by a prize due for such significant discoveries.

The vulnerability had arisen due to a lack of recent updates of third-party software, a "patch" for which was available in the public domain for nearly two years - though that is most often where problems are found with Google applications of in-house design.

Security Bounty Programs, which Google famously offers, are popular among researchers due to the high professionalism of the team, treatment when considering suggestions, speed of vulnerability scanning and ease of obtaining compensation.

This is far from being the only one example of cooperation between Positive Technologies and Google. In 2010, the Corporation of Good had already noted the merits of experts at the research center Positive Research in its Security Hall of Fame, in gratitude for their help in improving the company’s security services.

3 comments:

  1. This comment has been removed by a blog administrator.

    ReplyDelete
  2. This comment has been removed by a blog administrator.

    ReplyDelete
  3. This comment has been removed by a blog administrator.

    ReplyDelete