Tencent floats bug bounties for its cloudy Linux and IoT OSes
CentOS-based code should already be pretty-well explored, but Chinese test isn’t exactly trusted right now ...
Tencent has announced a bug bounty program for its operating systems.
The Chinese consumer cloud giant has two OSes. Tencent OS Server, aka “Tencent Linux” or “Tlinux”, is a Centos-7—based Linux that’s an option to run in Tencent’s hyperscale cloud. TencentOS tiny is suggested as an internet of things OS.
Bug bounty programs are hardly uncommon these days, but geopolitical tensions around tech mean Tencent has good reasons to be open. The company may struggle to find takers for TencentOS tiny if security of devices running it come into question. Buyers are also likely to be less-than-enamoured of Tencent Linux as the company’s cloud expands its global footprint.
The bounties have big payouts: there’s $140,000 on offer for remote code execution or guest escape exploits, and $40k for local privilege escalations or denial of service attacks.
Time is of the essence: if multiple researchers report the same vulnerability, the first reporter gets the cash.
Bug reports can be filed here. ®
- Asahi Linux
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Linux Foundation
- Palo Alto Networks
- Trusted Platform Module
- Zero trust