Google has joined forces with the Cloud Native Computing Foundation (CNCF) and HackerOne to launch the bug bounty program for Kubernetes. The program has been running in a ‘beta’ mode with invite-only researchers for several months now.
The program aims to secure one of the most widely used open source technologies with the support of the developer and hacker communities, while driving awareness of Kubernetes’ security model.
Interested in helping lock down Kubernetes? Well, the Kubernetes bug bounty program will reward researchers who find vulnerabilities in the container orchestration system, with bounties ranging from $100 to $10,000.
Originally built by Google, Kubernetes was open-sourced in 2014. The open source container-orchestration system is now maintained by CNCF. However, Google has been involved in the bug bounty from day one: proposing the program, defining initial scope, and testing the new process.
“We realize that security is a critical part of any user’s decision to use an open-source tool, so we dedicate resources to help ensure we’re providing the best possible security for Kubernetes and GKE,” said Maya Kaczorowski, product manager for container security at Google Cloud.