Tencent floats bug bounties for its cloudy Linux and IoT OSes

Tencent has announced a bug bounty program for its operating systems.

The Chinese consumer cloud giant has two OSes. Tencent OS Server, aka “Tencent Linux” or “Tlinux”, is a Centos-7—based Linux that’s an option to run in Tencent’s hyperscale cloud. TencentOS tiny is suggested as an internet of things OS.

Bug bounty programs are hardly uncommon these days, but geopolitical tensions around tech mean Tencent has good reasons to be open. The company may struggle to find takers for TencentOS tiny if security of devices running it come into question. Buyers are also likely to be less-than-enamoured of Tencent Linux as the company’s cloud expands its global footprint.

The bounties have big payouts: there’s $140,000 on offer for remote code execution or guest escape exploits, and $40k for local privilege escalations or denial of service attacks.

Time is of the essence: if multiple researchers report the same vulnerability, the first reporter gets the cash.

Bug reports can be filed here. ®