Google increases rewards for finding vulnerabilities in Linux and Kubernetes

Over the past few months, Google has paid special attention to security issues found in the Linux kernel and Kubernetes. In November of last year, Google increased the size of its payouts, multiplying the rewards for previously unknown bugs in the Linux kernel.

The idea was that people could discover new ways of exploiting the kernel, particularly in relation to Kubernetes running in the cloud. Google now reports that the bug-hunting program has been a success: it received nine reports in three months and paid out more than $175,000 to researchers.

In a blog post, Google has again announced an expansion of the program that pays cash rewards for finding security issues in the Linux kernel, the Kubernetes orchestration platform, Google Kubernetes Engine (GKE), and the Kubernetes Capture the Flag (kCTF) vulnerability competition environment.

The post mentions that the reward program now includes an additional $20,000 bonus for zero-day vulnerabilities, for exploits that do not require user namespace support, and for demonstrating new exploitation techniques.

The base payment for demonstrating a working exploit in kCTF is $31 (the base payment goes to the participant who first demonstrates a working exploit, but bonus payments can be applied to subsequent exploits for the same vulnerability).

We increased our rewards because we recognized that, in order to attract the attention of the community, we needed to match our rewards to their expectations. We consider the expansion to have been a success, and so we would like to extend it at least until the end of the year (2022).
During the last three months, we received 9 submissions and paid over $175 so far.

In the post we can see that in total, taking the bonuses into account, the maximum reward for an exploit (for issues identified by analyzing bug fixes in the code base that are not explicitly marked as vulnerabilities) can reach 71,337 US dollars (previously the maximum reward was $31), and for a zero-day issue (issues for which no fix exists yet) $337 is paid (previously the maximum reward was $91,337). The payment program will run until December 31, 2022.

It is worth noting that over the past three months Google processed 9 submissions with information about vulnerabilities, for which 175 thousand dollars was paid.

Participating researchers prepared five exploits for zero-day vulnerabilities and two for 1-day vulnerabilities. Three of the fixed issues in the Linux kernel have been publicly disclosed (CVE-2021-4154 in cgroup-v1, CVE-2021-22600 in af_packet and CVE-2022-0185 in VFS). These issues had already been identified by Syzkaller, and for two of them bug fixes had been added to the kernel.

These changes increase some 1-day exploits to $71 (vs. $337) and make the maximum reward for a single exploit $31 (vs. $337). We will also pay even for duplicates at least $91 if they demonstrate novel exploit techniques (instead of $337). However, we will also limit the number of 50-day rewards to only one per version/build.

There are 12-18 GKE releases per year on each channel, and we have two clusters on different channels, so we will pay the base reward of 31 USD up to 337 times (with no limit on bonuses). While we don't expect every update to have a valid 36-day submission, we would love to learn otherwise.

As mentioned in the announcement, the total payout depends on several factors: whether the issue found is a zero-day vulnerability, whether it requires unprivileged user namespaces, and whether it uses new exploitation techniques. Each of these points comes with a $20,000 bonus, which ultimately raises the payout for a working exploit to $91,337.

Finally, if you are interested in learning more about it, you can check the details in the original post at the following link.

