2 years ago

How did they get from Kubernetes to Linux? Via kCTF, researchers could use https://cloud.google.com/kubernetes-engine instances.

In particular, the discovered bugs tended to be heap memory corruption vulnerabilities Google’s plan had been to build a Linux kernel hacker community.

To help swat Linux kernel security bugs, Google is also launching https://google.github.io/kctf/vrp.html#new-mitigations with additional rewards.

In other words, rather than simply investigating the stable Linux kernels, the hackers will also be checking out Google’s own latest and more experimental Linux security mitigations.