Developers can now get paid for finding bugs in Kubernetes, the popular open source cloud project started at Google (GOOG, GOOGL)
On Tuesday, the open source cloud project Kubernetes, which was first started at Google and is now used by over half the Fortune 500, launched a bug bounty program to pay developers for finding flaws in the project.
It’s an unusual move: While bug bounty programs are used by private companies like Uber and Nintendo to help incentivize so-called white-hat hackers to find potential problems before the bad guys do, it’s not common to hear about a similar initiative for an open source project.
The Cloud Native Computing Foundation, to whom Google donated the project, will pay the bounties, while startup HackerOne will be used to report and prioritize bugs.
The Kubernetes security committee hopes to build up a larger security research community for the project, which is vital given how widely it’s being used.
Developers who hunt for and successfully discover bugs in the popular open source cloud project Kubernetes can now get paid for it.
That’s because on Tuesday, the Kubernetes product security committee announced a new bug bounty program, which rewards people for finding bugs in the project. Since Kubernetes launched in 2014, it has become wildly popular, and is used by the three major cloud providers and more than half of the Fortune 500.
Companies like VMware and Red Hat are also betting on it as a major part of their strategy. There’s even a conference, KubeCon, dedicated to Kubernetes, which attracted some 12,000 developers when it was held in 2019.
In this bug bounty program, the Cloud Native Computing Foundation (CNCF) will pay for rewards that range from $100 to $10,000, while the security committee will use the bug bounty platform HackerOne, itself a hot cybersecurity startup, to help prioritize what bugs to fix. By …
Source: Business Insider