Kubernetes Launches Bug Bounty Program


Kubernetes has recently announced a much-needed step in the light of its popularity and the growing userbase. Reportedly, Kubernetes has launched a bug bounty program for all bug hunters willing to help secure Kubernetes.

Kubernetes Bug Bounty Program

Recently, Kubernetes announced the launch of a dedicated bug bounty program. This step will supposedly help the owners secure one of the most widely used technologies.

According to the HackerOne blog post, the Kubernetes bug bounty program will operate on HackerOne – one of the popular platforms for bug hunters.

The Google-built open-source container-orchestration system is already looked after by a vigilant security team. Nonetheless, a dedicated reward program open to the entire research community will further help make the open-source platform even safer.

According to Maya Kaczorowski, Product Manager for container security, Google Cloud,

Kubernetes already has a robust security team and response process, further cemented by the recent Kubernetes security audit. We have a stronger and more secure open-source project than we’ve ever had before. By launching a bug bounty program, we’re putting our money where our mouth is – and most importantly, rewarding the researchers already doing this important work. We hope to attract additional security researchers to get more eyes on the code, shake out security bugs, and back up our work on Kubernetes security with financial support.

$100 to $10,000 Bounties

With the new bug bounty program, Kubernetes has announced rewards ranging from $100 to $10,000 for reporting bugs. These bounties cover bugs in three tiers.

Tier 1 covers bugs impacting “Core Kubernetes”, awarding $10,000, $5000, $1000, and $200 for critical, high, medium, and low severity bugs, respectively.

Tier 2 includes bugs affecting non-core GA components. It offers $5000, $2500, $500, and $100 bounties for critical, high, medium, and low severity bugs.

Tier 3 includes flaws in Kubernetes infrastructure and alpha features of core Kubernetes. The bounties in this tier are $2500, $1250, $250, and $100 for critical, high, medium, and low severity vulnerabilities, respectively.

Detailed information regarding the eligibility criteria for the bounty program is available on the Kubernetes bounty page. Researchers can report bugs that fall outside the scope of the bounty program to Kubernetes via its private vulnerability disclosure option.

Let us know your thoughts in the comments.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world!