Google Announced Patch Reward Program For Tsunami Security Scanner

The tech giant has announced hefty rewards for bug hunters as part of the new Google Patch Reward Program for Tsunami. With this program, Google aims at enhancing the security scanner’s detection capabilities.

Google Patch Reward Program For Tsunami

Through a recent blog post, Google’s Vulnerability Management Team has announced new reward programs for bug bounty hunters. As elaborated, Google has set up a separate Patch Reward Program for its security scanner Tsunami.

Briefly, Google released its Tsunami security tool in 2020 as a dedicated network scanner. With Tsunami, the tech giant aimed at presenting an open-source tool that can detect open ports, identify running protocols and services, spot vulnerabilities, and more.

And now, the firm intends to expand the tool’s detection capabilities. Hence, it has announced Tsunami patch rewards for researchers and bug hunters.

Under this program, researchers can contribute to the tool under two patch reward heads.

First, they can suggest new vulnerability detection plugins to enhance the tool’s bug identification capabilities for various software, including CMS platforms, web and mail servers, application frameworks, databases, and more. Qualifying vulnerabilities include remotely exploitable flaws that require no authentication or user interaction.

Second, they can enhance the tool’s fingerprinter that empowers Tsunami to identify web apps under scanning. Here, researchers can add prebuilt fingerprint database files of existing versions of apps and/or automation scripts to update those databases.

Google has shared details about these patch reward heads in the rules for Tsunami patch rewards.

Under this program, researchers can win up to $3,133.7 for new critical vulnerabilities (published within two weeks). The other rewards include $2000 for high-severity emergent bugs, $1500 for regular critical bugs, and $1337 for regular high-severity flaws.

Besides, the firm offers a flat $500 bounty for contributing web app fingerprints with automation scripts.

Let us know your thoughts in the comments.

Related posts

NachoVPN Attack Risks Corporate VPN Clients

Sweet Security Introduces Evolutionary Leap in Cloud Detection and Response, Releasing First Unified Detection & Response Platform

Anti-Spam WordPress Plugin Vulnerabilities Risked 200K+ Websites