Polski

SE-2014-02 Press Info

29 December 2014, Poznan, Poland

Security Explorations, a security and vulnerability research company from Poland receives a reward from Google for discovering security issues in the company's service.

Earlier this month, Security Explorations announced that it discovered multiple security weaknesses in Google App Engine (GAE) for Java [1], but could not complete its research. With a green light from Google, the company could however still proceed with a security investigation of the GAE service [2]. This made it possible to complete the project and gather all necessary material for a planned publication on the topic.

As a recognition of the research and thoroughness of Security Explorations, the panel of Google Vulnerability Reward Program (VRP) [3] decided to issue a reward of 50 000 USD to the company. This is the largest VRP reward Google has given out to date.

Security Explorations thanks Google for the reward and a recognition of its research work.

Google has demonstrated to be setting high standards when it comes to the support and appreciation of an externally conducted security research.

Security Explorations will use the reward to fund and excel its non-commercial security research.

References:

  1. [1] [SE-2014-02] Google App Engine Java security sandbox bypasses (project pending completion / action from Google) (http://seclists.org/fulldisclosure/2014/Dec/26)
  2. [2] [SE-2014-02] Google App Engine Java security sandbox bypasses (status update)
    (http://seclists.org/fulldisclosure/2014/Dec/59)
  3. [3] Google Vulnerability Reward Program (VRP) Rules
    (https://www.google.com/about/appsecurity/reward-program/)


Copyright 2008-2014 Security Explorations. All Rights Reserved.