Tencent is offering a bug bounty of up to $140,000 for finding vulnerabilities in its TencentOS tiny and TencentOS server operating system
The Chinese tech giant Tencent announced a bug bounty program of up to $140,000 to be awarded to hackers and security researchers for finding critical vulnerabilities in its TencentOS tiny and TencentOS Server operating systems. Tencent had earlier teamed up with HackerOne for a bug bounty program with rewards of up to $15,000. Now the Chinese multinational has expanded its bug bounty program to cover its operating systems.
However, hackers and security researchers should note that this bug bounty program is valid until December 2020. Tencent wants you to find vulnerabilities in its TencentOS Server and TencentOS Tiny OS versions.
TencentOS Server, aka Tencent Linux and Tlinux is a Linux distro designed for cloud server applications while TencentOS tiny is the Internet of Things (IoT) devices operating system. Tencent had made them both open-source last year. Tencent will award a bug bounty of up to $140,000 to hackers who find remote code execution vulnerabilities with root permissions or to escape a virtual machine and obtain a shell on the host with root privileges. Tencent will award $40,000 for highly critical vulnerabilities like local privilege escalation bugs with the privilege escalation to root, and denial-of-service (DoS) flaws — both remote and local DoS — that can cause a server or host virtual machine to break down.
Tencent will also double the bug bounty for normal vulnerabilities not covered above. It has also made it clear that third-party components used in TencentOS operating systems will not be covered under the bug bounty program. Hackers and researchers who find vulnerabilities can report them to the Tencent Security Response Center (TSRC).