Public Bug Bounty Takes Aim at Kubernetes Container Project
2020-01-14 17:00

A public bug-bounty program for the Kubernetes container technology framework has just launched, backed by Google, HackerOne and the Cloud Native Computing Foundation.

The program's scope covers code from the main Kubernetes organizations on GitHub, as well as "Continuous integration, release and documentation artifacts," according to a Kubernetes security team post on Tuesday.

"Some open-source bug bounty programs exist, such as the Internet Bug Bounty, this mostly covers core components that are consistently deployed across environments; but most bug bounties are still for hosted web apps," according to the Kubernetes post.

"Kubernetes already has a robust security team and response process, further cemented by the recent Kubernetes security audit," according to a statement by Maya Kaczorowski, product manager for container security at Google Cloud, which first proposed the bug-bounty program.

"We have a stronger and more secure open-source project than we've ever had before. By launching a bug-bounty program, we're putting our money where our mouth is - and most importantly, rewarding the researchers already doing this important work. We hope to attract additional security researchers to get more eyes on the code, shake out security bugs, and back up our work on Kubernetes security with financial support," Kaczorowski said.


News URL

https://threatpost.com/bounty-program-kubernetes-container/151824/

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Kubernetes | 19 | | 5 | 45 | 34 | 8 | 92 |