A mysterious company makes the headlines for offering up to $250,000 for virtual machine (VM) hacks. The “secret” bug bounty program was announced by the crowdsourced security testing platform Bugcrowd.
At the time I was writing the unique information available on the target is that it is an unreleased product.
The program is invitation-only, but anyone can apply for an invite, the organization will contact the final participants.
“Bugcrowd has an exciting opportunity to participate in a private, invite-only program with an undisclosed client, against an unreleased product – with rewards up to $250,000!” reads the announcement published on Bugcrowd.
Candidates must have specific skills on virtual environments, kernel and device driver security, firmware security, and advanced application security.
The hackers must focus their activities in:
Participants can earn between $5,000 and $250,000 for each vulnerability they will report, the duration of the bug bounty program is roughly of 8 weeks, it will start in September.
Bug bounty programs are becoming even more common in the IT security industry, VM hacks are among the issues considered more interesting by the experts. Last year, security experts earned $150,000 for or the hack of the VMware Workstation 12.5.1. reported at the hacking contest 2016 PwnFest held in South Korea at the 2016 Power Of Community (POC) security conference.
This year, during the Pwn2Own contest, the researchers at the Tencent Security’s Team Sniper earned $100,000 for a VMware Workstation exploit that could be exploited by attackers used to escape VMs.
(Security Affairs – bug bounty, VMware)