It’s been a while since I’ve published my last article, this is mainly because I’m currently working on a nice project overseas in Asia and enjoying this relaxed life here a little bit. Therefore I also keep this blog post a little short, because it’s just for the record.
In early September, I stumbled – more or less accidentally – over multiple Non-Persistent Cross-Site Scripting vulnerabilities on Google’s Cloud Platform Live while I was indeed searching for a cloud solution (funnily enough), but since the proxy is always running… 😉
I’ve sent the bug report to Google and quickly received an answer from Jose of the Google Security Team with the – among bug hunters – beloved “Nice catch!” answer. Thanks to Jose at this point for his commitment and the really transparent disclosure process. This is a good example how vulnerability coordination should be handled!
I’ve received the bug bounty payment in the meanwhile and got listed in Google’s Hall of Fame – please notice my awesome GIMP skills too 😉
Now, I’m having some delicious Asian seafood paid by Google :-)…