NewsStudent Earns $36,337 Bug Bounty for Google App Engine Vulnerability

Student Earns $36,337 Bug Bounty for Google App Engine Vulnerability content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

An 18-year-old student at Uruguay’s University of the Republic has received $36,337 in bug bounties for finding a security vulnerability in Google App Engine. The flaw enabled remote code execution (RCE) in the cloud development platform, making it a critical vulnerability in Google’s eyes.

The student reported the discovery to Google but had no idea how important it was until Google told the researcher to stop work because more investigations could break their system. “I was not aware until then that this was regarded as Remote Code Execution (The highest tier for bugs), it was a very pleasant surprise,” the researcher said. “I asked one of the Googlers in the reward panel about it, and he told me it is RCE for the way Google works and also that the extra $5k (Since they pay $31,337 for RCE bugs) was for a lesser bug.”

View article

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends & analysis

Latest Posts

Related Stories